From netch@nn.kiev.ua  Mon May  8 07:11:05 2000
Return-Path: <netch@nn.kiev.ua>
Received: from segfault.kiev.ua (segfault.kiev.ua [193.193.193.4])
	by hub.freebsd.org (Postfix) with ESMTP id 87D1E37B97B
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  8 May 2000 07:11:02 -0700 (PDT)
	(envelope-from netch@nn.kiev.ua)
Received: from nn.kiev.ua (nn.kiev.ua [193.193.193.203])
	by segfault.kiev.ua (8) with ESMTP id REF99581
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 8 May 2000 17:10:56 +0300 (EEST)
	(envelope-from netch@nn.kiev.ua)
Received: (from netch@localhost)
	by nn.kiev.ua (8.9.3/8.9.3) id RAA05863;
	Mon, 8 May 2000 17:10:50 +0300 (EEST)
	(envelope-from netch)
Message-Id: <200005081410.RAA05863@nn.kiev.ua>
Date: Mon, 8 May 2000 17:10:50 +0300 (EEST)
From: netch@segfault.kiev.ua (Valentin Nechayev)
Sender: netch@nn.kiev.ua
Reply-To: netch@segfault.kiev.ua
To: FreeBSD-gnats-submit@freebsd.org
Subject: issetugid() does not follow syscall conventions
X-Send-Pr-Version: 3.2

>Number:         18450
>Category:       kern
>Synopsis:       issetugid() does not follow syscall conventions
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 08 07:20:00 PDT 2000
>Closed-Date:    Fri Dec 8 18:45:32 PST 2000
>Last-Modified:  Fri Dec 08 18:45:47 PST 2000
>Originator:     netch@netch.kiev.ua (Valentin Nechayev)
>Release:        FreeBSD 4.0-RELENG-20000506 i386
>Organization:
Lucky Netch Incorporated ;)
>Environment:

FreeBSD 4.0-RELENG-20000506 i386

>Description:

When a process is "tainted" (see issetugid(2)), issetugid() returns -1
and sets errno to 1 instead of returning 1 without error.

>How-To-Repeat:

netch@nn:~/tmp>cat 9.c
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
int main() {
   int rc, se;
   errno = 0;
   rc = issetugid();
   se = errno;
   printf( "%d; (%d) %s\n", rc, se, strerror( se ) );
   return 1;
}
netch@nn:~/tmp>gcc -o 9 9.c
netch@nn:~/tmp>ls -l 9
-rwxr-xr-x  1 netch  wheel  7763 May  8 17:01 9
netch@nn:~/tmp>./9
0; (0) Undefined error: 0

netch@nn:~/tmp>ls -l 9
-rwsr-xr-x  1 root  wheel  7763 May  8 17:01 9
netch@nn:~/tmp>./9
-1; (1) Operation not permitted

>Fix:

--- kern_prot.c.orig	Mon May  8 17:02:50 2000
+++ kern_prot.c	Mon May  8 17:04:14 2000
@@ -893,8 +893,7 @@
 	 * a user without an exec - programs cannot know *everything*
 	 * that libc *might* have put in their data segment.
 	 */
-	if (p->p_flag & P_SUGID)
-		return (1);
+	p->p_retval[0] = (p->p_flag & P_SUGID) ? 1 : 0;
 	return (0);
 }
 
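Review bot: The added p->p_retval[0] assignment relies on a convention that the comment above it does not state. A one-line comment would help, saying that the handler's return value is an errno and the result is passed back in p_retval[0]. The removed `return (1)` made exactly that mistake, and the reproduction output (-1 with errno 1, "Operation not permitted") is how it looked from user space. The `? 1 : 0` normalisation is worth keeping so callers only ever see 0 or 1. Consider keeping the 9.c reproduction as a regression check, run with and without the setuid bit, because before this change any caller comparing the result against 1 got the wrong answer for a tainted process.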

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: ps 
State-Changed-When: Fri Dec 8 18:45:32 PST 2000 
State-Changed-Why:  
Committed! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18450 
>Unformatted:
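The return convention at issue in this report, as an added user-space model (not code from the PR or from the FreeBSD tree): a handler's return value is treated as an error number, and the result travels in p_retval[0]. The names model_proc, MODEL_P_SUGID, handler_before, handler_after and model_syscall are hypothetical, and the flag value and the zero-initialised p_retval are assumptions of the model.

```c
#include <errno.h>
#include <stdio.h>
#define MODEL_P_SUGID 0x1          /* constructed flag value, not the kernel's */

struct model_proc {                /* stand-in for the kernel's struct proc */
    int p_flag;
    int p_retval[2];               /* value handed back to user space */
};

/* Pre-patch shape: the function return value doubles as the answer. */
static int handler_before(struct model_proc *p)
{
    if (p->p_flag & MODEL_P_SUGID)
        return (1);                /* the dispatcher reads this as errno 1 */
    return (0);
}

/* Patched shape: answer goes in p_retval[0], return value is the error. */
static int handler_after(struct model_proc *p)
{
    p->p_retval[0] = (p->p_flag & MODEL_P_SUGID) ? 1 : 0;
    return (0);
}

/* Model of dispatcher plus libc stub: non-zero handler return => -1/errno. */
static int model_syscall(int (*handler)(struct model_proc *), int flags)
{
    struct model_proc p = { flags, { 0, 0 } };   /* assumed preset to 0 */
    int error = handler(&p);
    if (error != 0) {
        errno = error;
        return (-1);
    }
    return (p.p_retval[0]);
}

int main(void)
{
    int flags[] = { 0, MODEL_P_SUGID };
    for (int i = 0; i < 2; i++) {
        errno = 0;
        int before = model_syscall(handler_before, flags[i]);
        int e = errno;
        errno = 0;
        int after = model_syscall(handler_after, flags[i]);
        printf("tainted=%d before=%d (errno %d) after=%d (errno %d)\n",
            i, before, e, after, errno);
    }
    return (0);
}
```

In the model, a caller that tests the pre-patch result with `== 1` treats a tainted process as untainted, while a caller that tests for non-zero is unaffected.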
