
Re: setgid programs



Hello Benjamin,

> MiNT 1.10 seems to be unable to run programs with setgid-flag!
> 
> To test this, I copied `rm' to my home and made a chmod 2755:
> -rwxr-sr-x   1 benni    mail        29018 Apr 27 18:34 rm
> 
> In my spool dir, there is a lockfile, produced by elm:
> -r--------   1 benni    wheel       31322 Apr 27 17:45 benni.lock

I have also noticed the problem when porting Sokoban to the Atari; the
program had been made setuid-daemon (just like on the Sun), and wasn't
able to remove the lock file it had just created in /tmp.

Apparently, the problem is that files are created with the real uid and
gid of the program, while only the effective uid/gid are considered for
filesystem permissions. This is undoubtedly a problem, but the
filesystems (minixfs & ramfs) are also responsible for this situation,
since they should create files with the effective uid/gid, not the real
ones... (I plead guilty for ramfs.)

Quick fix: make the program setuid-root (you don't care about intruders,
not on MiNT, do you?), since MiNT doesn't check permissions at all when
euid==0. Sokoban works fine with that.

Thierry.
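
A way to check the behaviour described in the message above, as an added example that is not part of the original mail or of MiNT: a small POSIX C probe that creates a scratch file and reports whether its owner matches the real or the effective uid of the process. All function and type names are hypothetical, and only the uid is compared, since some systems take a new file's group from the directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names throughout; this is an illustration, not MiNT code. */
enum owner { OWNER_ERROR = -1, OWNER_EFFECTIVE, OWNER_REAL, OWNER_BOTH, OWNER_OTHER };

/* Decide which identity a new file's owner matches. When ruid == euid the
 * process is not running set-id, so the probe cannot tell the two apart. */
enum owner classify_owner(uid_t file_uid, uid_t ruid, uid_t euid)
{
    if (ruid == euid)
        return file_uid == euid ? OWNER_BOTH : OWNER_OTHER;
    if (file_uid == euid)
        return OWNER_EFFECTIVE;   /* what the message says should happen */
    if (file_uid == ruid)
        return OWNER_REAL;        /* the behaviour the message reports */
    return OWNER_OTHER;
}

/* Create a scratch file in dir, record its owner, remove it again. */
enum owner probe_created_owner(const char *dir)
{
    char path[4096];
    struct stat st;
    int fd, rc, n;
    n = snprintf(path, sizeof path, "%s/ownerprobe.XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path)
        return OWNER_ERROR;
    if ((fd = mkstemp(path)) < 0)
        return OWNER_ERROR;
    rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? classify_owner(st.st_uid, getuid(), geteuid()) : OWNER_ERROR;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "error", "effective uid", "real uid",
                                   "real == effective (inconclusive)", "other" };
    enum owner o = probe_created_owner(argc > 1 ? argv[1] : "/tmp");
    printf("ruid=%ld euid=%ld new file owned by: %s\n",
           (long)getuid(), (long)geteuid(), names[o + 1]);
    return o == OWNER_EFFECTIVE || o == OWNER_BOTH ? 0 : 1;
}
```

The result is only conclusive when the binary runs with a real uid different from its effective uid; a non-zero exit status then means the filesystem did not assign the effective uid.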