From nobody@FreeBSD.org  Sun Oct  7 20:41:12 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id D3D5937B407
	for <freebsd-gnats-submit@FreeBSD.org>; Sun,  7 Oct 2001 20:41:12 -0700 (PDT)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f983fCv83034;
	Sun, 7 Oct 2001 20:41:12 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200110080341.f983fCv83034@freefall.freebsd.org>
Date: Sun, 7 Oct 2001 20:41:12 -0700 (PDT)
From: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
To: freebsd-gnats-submit@FreeBSD.org
Subject: linux setre*uid() doesn't handle uid -1 properly
X-Send-Pr-Version: www-1.0

>Number:         31122
>Category:       kern
>Synopsis:       linux setre*uid() doesn't handle uid -1 properly
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 07 20:50:01 PDT 2001
>Closed-Date:    Sat Oct 13 22:48:05 PDT 2001
>Last-Modified:  Sat Oct 13 22:51:24 PDT 2001
>Originator:     Takanori Saneto
>Release:        5.0-CURRENT as of 2001/10/07
>Organization:
an individual
>Environment:
FreeBSD muse.sanewo 5.0-CURRENT FreeBSD 5.0-CURRENT #2: Sun Oct  7 18:06:09 JST 2001     root@muse.sanewo:/export/usr/obj/usr/src/sys/MUSE  i386
>Description:
Although the manpage of setre*uid() says that "Passing -1 as an argument
causes the corresponding value to remain unchanged," under the Linux ABI
they are treated as if 65535 was specified. (Maybe this is i386 specific.)
Because of this, vmware won't start up on CURRENT.

>How-To-Repeat:
Compile the following program in a Linux environment and run it as root.
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Print the current real and effective uid. */
void
printid(void)
{
  printf("ruid=%d, euid=%d\n", (int)getuid(), (int)geteuid());
}

int
main(int ac, char **av)
{
  printid();
  /* -1 for both arguments must leave the ids unchanged. */
  if (setreuid(-1,-1) < 0) { perror("setreuid"); exit(1); }
  printid();
  return 0;
}

>Fix:
The following patch should fix the problem. Yes, it's a quick hack.

Index: src/sys/compat/linux/linux_uid16.c
===================================================================
RCS file: /export/cvsup/cvs/src/sys/compat/linux/linux_uid16.c,v
retrieving revision 1.2
diff -u -u -r1.2 linux_uid16.c
--- linux_uid16.c	12 Sep 2001 08:36:57 -0000	1.2
+++ linux_uid16.c	15 Sep 2001 06:32:48 -0000
@@ -244,13 +244,16 @@
 	return (setuid(td, &bsd));
 }
 
+#define NOIDCHG16 ((l_uid16_t)-1)
+#define NOIDCHG32 ((uid_t) -1)
+
 int
 linux_setregid16(struct thread *td, struct linux_setregid16_args *args)
 {
 	struct setregid_args bsd;
 
-	bsd.rgid = args->rgid;
-	bsd.egid = args->egid;
+	bsd.rgid = args->rgid == NOIDCHG16? NOIDCHG32: args->rgid;
+	bsd.egid = args->egid == NOIDCHG16? NOIDCHG32: args->egid;
 	return (setregid(td, &bsd));
 }
 
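Review bot: NOIDCHG16 and NOIDCHG32 are cast through l_uid16_t and uid_t, but their first use, in linux_setregid16(), is on rgid/egid, so the gid paths rely on the uid and gid types having the same width. Consider gid-typed counterparts or a type-neutral name, and add a one-line comment above the defines saying that the 16-bit -1 (0xffff) has to be widened to the native -1 "no change" value rather than to 65535. The ternaries would also read better with a space before the ? and the :.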
@@ -259,8 +262,8 @@
 {
 	struct setreuid_args bsd;
 
-	bsd.ruid = args->ruid;
-	bsd.euid = args->euid;
+	bsd.ruid = args->ruid == NOIDCHG16? NOIDCHG32: args->ruid;
+	bsd.euid = args->euid == NOIDCHG16? NOIDCHG32: args->euid;
 	return (setreuid(td, &bsd));
 }
 
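Review bot: the conversion in linux_setreuid16() is the same ternary written out once for ruid and once for euid, and the identical expression is repeated in every other wrapper this patch touches. A single helper that takes the 16-bit value and returns the widened one would keep the sentinel handling in one place and make a copy-and-paste slip in the field names much less likely.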
@@ -269,9 +272,9 @@
 {
 	struct setresgid_args bsd;
 
-	bsd.rgid = args->rgid;
-	bsd.egid = args->egid;
-	bsd.sgid = args->sgid;
+	bsd.rgid = args->rgid == NOIDCHG16? NOIDCHG32: args->rgid;
+	bsd.egid = args->egid == NOIDCHG16? NOIDCHG32: args->egid;
+	bsd.egid = args->sgid == NOIDCHG16? NOIDCHG32: args->sgid;
 	return (setresgid(td, &bsd));
 }
 
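Review bot: the third added line in linux_setresgid16() assigns to bsd.egid instead of bsd.sgid, so the value derived from args->sgid overwrites the effective gid set on the line before, and bsd.sgid is passed to setresgid() without ever being assigned. The line should read: bsd.sgid = args->sgid == NOIDCHG16? NOIDCHG32: args->sgid;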
@@ -280,8 +283,8 @@
 {
 	struct setresuid_args bsd;
 
-	bsd.ruid = args->ruid;
-	bsd.euid = args->euid;
-	bsd.suid = args->suid;
+	bsd.ruid = args->ruid == NOIDCHG16? NOIDCHG32: args->ruid;
+	bsd.euid = args->euid == NOIDCHG16? NOIDCHG32: args->euid;
+	bsd.euid = args->suid == NOIDCHG16? NOIDCHG32: args->suid;
 	return (setresuid(td, &bsd));
 }
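Review bot: the third added line in linux_setresuid16() assigns to bsd.euid instead of bsd.suid, so the value derived from args->suid replaces the effective uid set on the line before, and bsd.suid reaches setresuid() uninitialized. In a credential-changing call that means the wrong id is applied. The line should read: bsd.suid = args->suid == NOIDCHG16? NOIDCHG32: args->suid;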


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: marcel 
State-Changed-When: Sat Oct 13 22:48:05 PDT 2001 
State-Changed-Why:  
Fixed. Thanks! 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=31122 
>Unformatted:

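The sentinel problem this report describes, as an added example that is not part of the original report or of the FreeBSD source: a user-space model in which the 16-bit "no change" value (0xffff) is widened to a 32-bit id, once by plain assignment and once with the sentinel preserved. The type names, struct cred and all helper functions are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the kernel types; the names are assumptions for this sketch. */
typedef uint16_t compat_uid16_t;   /* 16-bit id as passed by the legacy ABI */
typedef uint32_t native_uid_t;     /* native 32-bit id */

#define NOCHG16 ((compat_uid16_t)-1)   /* 0xffff: "leave unchanged", 16-bit */
#define NOCHG32 ((native_uid_t)-1)     /* 0xffffffff: same meaning natively */

struct cred { native_uid_t ruid, euid; };

/* Model of a native setreuid(): -1 leaves the corresponding id untouched. */
static void native_setreuid(struct cred *c, native_uid_t r, native_uid_t e)
{
	if (r != NOCHG32) c->ruid = r;
	if (e != NOCHG32) c->euid = e;
}

/* Plain assignment, like the lines the patch removes: 0xffff becomes 65535. */
static native_uid_t widen_naive(compat_uid16_t id) { return id; }

/* Sentinel-preserving widening: every other value passes through unchanged. */
static native_uid_t widen_fixed(compat_uid16_t id)
{
	return id == NOCHG16 ? NOCHG32 : (native_uid_t)id;
}

/* Issue setreuid(-1, -1) from the 16-bit side as root; return the new euid. */
native_uid_t euid_after_noop(native_uid_t (*widen)(compat_uid16_t))
{
	struct cred c = { 0, 0 };   /* constructed starting state: root */
	native_setreuid(&c, widen(NOCHG16), widen(NOCHG16));
	return c.euid;
}

native_uid_t naive_result(void) { return euid_after_noop(widen_naive); }
native_uid_t fixed_result(void) { return euid_after_noop(widen_fixed); }
native_uid_t fixed_passthrough(compat_uid16_t id) { return widen_fixed(id); }

int main(void)
{
	printf("naive: euid=%u\n", (unsigned)naive_result());
	printf("fixed: euid=%u\n", (unsigned)fixed_result());
	return 0;
}
```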