Newsgroups: comp.sys.3b1
Path: utzoo!utgpu!cunews!micor!latour!ecicrl!clewis
From: clewis@ferret.ocunix.on.ca (Chris Lewis)
Subject: Re: COPS security audit and the unix pc.
Message-ID: <1991Apr07.040225.5403@ferret.ocunix.on.ca>
Date: Sun, 07 Apr 91 04:02:25 GMT
References: <563@iczer-1.UUCP> <1991Apr03.201214.8915@ferret.ocunix.on.ca> <580@iczer-1.UUCP>
Organization: Elegant Communications Inc, Ottawa, Canada

In article <580@iczer-1.UUCP> emm@iczer-1.UUCP (Edward M. Markowski) writes:
>In article <1991Apr03.201214.8915@ferret.ocunix.on.ca> clewis@ferret.ocunix.on.ca (Chris Lewis) writes:
>|In article <563@iczer-1.UUCP> emm@iczer-1.UUCP (Edward M. Markowski) writes:
>|It's in the defs.h for B news.  However, it won't work on System V systems
>|because of the way setuid/setgid programs, setuid()/setgid() and mkdir
>|works.  (as in, if a setuid program calls mkdir, the directory ends up
>|being owned by the real user not the effective, rnews can't write
>|into it, and there's no "elegant" way around it in System V)  Which is why
>|C-news goes to all of the kludgey junk for the "setnewsids" program which
>|runs as setuid root to run relaynews properly.

>|Bnews has no such kludge, though you could retrofit setnewsids if you wanted.

>It works here.  I have a 3B1, which is running System V, and I do not seem
>to have that problem.

I just went back and ran some tests with 2.11 PL 19.  And sure nuff, it does work.

It didn't work back in 2.10.x days which I guess is why I thought
it still didn't in 2.11.  It works by chmod 777'ing the parent, mkdir'ing the
directory, owned by the real id (not news), and then "giving it away" to news and
then resetting the parent.  Urgh.  Still wouldn't work in some versions of
UNIX (e.g. V7 where chown is usually disabled).  This mechanism wouldn't
work in BSD, but in BSD you can setuid(geteuid()).  C-news uses a simpler
approach by doing a setuid(geteuid()) on all of relaynews, which can't be
done on System V, so the setnewsids program does it as setuid root (via
an equivalent of setuid(getpwnam("news")->pw_uid)) and then exec'ing relaynews.
-- 
Chris Lewis,
clewis@ferret.ocunix.on.ca or ...uunet!mitel!cunews!latour!ecicrl!clewis
Psroff support: psroff-request@eci386.uucp, or call 613-832-0541 (Canada)
**** somebody's mailer is appending .bitnet to my From: address.  If you
see this, please use the address in the signature, and send me a copy
of the headers of the mail message with the .bitnet return address.  Thanks!
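The setnewsids approach described in the post, as an added example in C that is not code from the post or from B news or C news: a setuid-root helper that resolves the target user with getpwnam(), changes group ids before the uid, verifies the switch stuck and that root cannot be regained, then exec's the worker. The user name "news", the worker path and the function names are assumptions.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve a user name to uid/gid from the passwd database, i.e. the
 * getpwnam("news")->pw_uid step from the post, with the NULL check added.
 * Returns 0 on success, -1 if the user does not exist. */
int lookup_ids(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Switch to uid/gid permanently.  Groups go first: once setuid() has
 * given up root, setgid()/initgroups() would no longer be permitted.
 * Returns 0 only when every id changed and root cannot be regained. */
int drop_privileges(const char *name, uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && name != NULL && initgroups(name, gid) != 0)
        return -1;                      /* supplementary groups of target */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;                      /* never ignore these return values */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;                      /* real and effective must both match */
    if (uid != 0 && setuid(0) == 0)
        return -1;                      /* saved uid still root: drop failed */
    return 0;
}

/* Hypothetical setnewsids: become "news", then exec the worker. */
int main(void)
{
    const char *worker = "/usr/lib/news/relaynews";   /* assumed path */
    uid_t uid; gid_t gid;
    if (lookup_ids("news", &uid, &gid) != 0 ||
        drop_privileges("news", uid, gid) != 0) {
        perror("setnewsids: cannot switch to news");
        return 1;
    }
    execl(worker, "relaynews", (char *)NULL);
    perror("setnewsids: exec failed");  /* only reached if exec fails */
    return 1;
}
```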
