*BSD News Article 12642


Return to BSD News archive

Newsgroups: comp.os.386bsd.bugs
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!usc!rpi!ghost.dsi.unimi.it!serini
From: serini@ghost.dsi.unimi.it (Piero Serini)
Subject: chmod(1) patches
Organization: Computer Science Dep. - Milan University
Date: Thu, 11 Mar 1993 01:13:11 GMT
Message-ID: <1993Mar11.011311.28156@ghost.dsi.unimi.it>
Lines: 256

Hi all.
Please find here enclosed a diff file to patch
/usr/src/usr.sbin/chmod/*  files:

If compiled with -DONLYROOT it acts the standard mode,
else allows non-root users to chown files to other users.
File ownership must be the same of the caller's id,
and bits s-uid and s-gid are cleared before chown cahnges
file(s)' ownership.

Bye
Piero


*** Makefile.orig	Wed Mar 10 19:15:46 1993
--- Makefile	Wed Mar 10 19:01:33 1993
***************
*** 1,9 ****
--- 1,13 ----
  #	@(#)Makefile	5.4 (Berkeley) 10/26/90
  
+ # to compile in standard mode, add -DONLYROOT to CFLAGS, and comment BINOWN and BINMODE
+ 
  PROG=	chown
  CFLAGS+=-DSUPPORT_DOT
  MAN1=	chgrp.0
  MAN8=	chown.0
+ BINOWN= root
+ BINMODE=4555
  LINKS=	${BINDIR}/chown /usr/bin/chgrp
  
  .include <bsd.prog.mk>
*** chgrp.1.orig	Wed Mar 10 19:15:57 1993
--- chgrp.1	Wed Mar 10 19:26:49 1993
***************
*** 79,87 ****
  A pathname of a file whose group ID is to be modified.
  .El
  .Pp
! The user invoking
! must belong
! to the specified group and be the owner of the file, or be the super-user.
  .Pp
  The
  .Nm chgrp
--- 79,90 ----
  A pathname of a file whose group ID is to be modified.
  .El
  .Pp
! If chown(8) is compiled in standard mode, the user invoking
! .Nm chgrp
! must belong to the specified group and be the owner of the file,
! or be the super-user, otherwise the user invoking
! .Nm chgrp
! must be the owner of the file or the super-user.
  .Pp
  The
  .Nm chgrp
***************
*** 101,103 ****
--- 104,113 ----
  .Nm chgrp
  function is expected to be POSIX 1003.2 compatible.
  This manual page is derived from the POSIX 1003.2 manual page.
+ .Sh AUTHORS
+ This version of
+ .Nm chgrp
+ is Copyright (c) 1988 Regents of the University of California.
+ .Pp
+ If not compiled in standard mode, please send all bug reports
+ to Piero Serini (piero@strider.st.dsi.unimi.it)
*** chown.8.orig	Wed Mar 10 19:16:15 1993
--- chown.8	Wed Mar 10 19:27:11 1993
***************
*** 80,87 ****
  If a group name is also a numeric group ID, the operand is used as a
  group name.
  .Pp
! The ownership of a file may only be altered by a super-user for
! obvious security reasons.
  .Pp
  The owner and group of symbolic links are themselves changed instead
  of the file to which the link points.
--- 80,95 ----
  If a group name is also a numeric group ID, the operand is used as a
  group name.
  .Pp
! If
! .Nm chown
! is compiled in standard mode, the ownership of a file may only be
! altered by the super-user, otherwise the user invoking
! .Nm chown
! must be the owner of the file or the super-user.
! .Pp
! For security reasons, both set-user-uid-on-execution bit and
! set-group-id-on-execution bit are cleared before the ownership
! or the group of the file(s) are changed.
  .Pp
  The owner and group of symbolic links are themselves changed instead
  of the file to which the link points.
***************
*** 103,105 ****
--- 111,120 ----
  The
  .Nm chown
  command is expected to be POSIX 1003.2 compliant.
+ .Sh AUTHORS
+ This version of
+ .Nm chown
+ is Copyright (c) 1988 Regents of the University of California.
+ .Pp
+ If not compiled in standard mode, please send all bug reports
+ to Piero Serini (piero@strider.st.dsi.unimi.it)
*** chown.c.orig	Wed Mar 10 19:16:24 1993
--- chown.c	Wed Mar 10 18:58:42 1993
***************
*** 31,36 ****
--- 31,41 ----
   * SUCH DAMAGE.
   */
  
+ /*
+  * ONLYROOT flag added by Piero Serini (piero@strider.st.dsi.unimi.it)
+  * Wed Mar 10 18:58:19 MET 1993
+  */
+ 
  #ifndef lint
  char copyright[] =
  "@(#) Copyright (c) 1988 Regents of the University of California.\n\
***************
*** 44,49 ****
--- 49,55 ----
  #include <sys/param.h>
  #include <sys/stat.h>
  #include <sys/errno.h>
+ #include <sys/types.h>
  #include <dirent.h>
  #include <fts.h>
  #include <pwd.h>
***************
*** 54,62 ****
  #include <stdlib.h>
  #include <string.h>
  
! int ischown, uid, gid, fflag, rflag, retval;
  char *gname, *myname;
  
  main(argc, argv)
  	int argc;
  	char **argv;
--- 60,72 ----
  #include <stdlib.h>
  #include <string.h>
  
! int ischown, fflag=0, rflag=0, retval=0;
! int uid, my_uid;
! int gid;
  char *gname, *myname;
  
+ int	Chown(char *, int, int);
+ 
  main(argc, argv)
  	int argc;
  	char **argv;
***************
*** 67,72 ****
--- 77,84 ----
  	register char *cp;
  	int ch;
  
+ 	my_uid = getuid();
+ 
  	myname = (cp = rindex(*argv, '/')) ? cp + 1 : *argv;
  	ischown = myname[2] == 'o';
  
***************
*** 118,131 ****
  				error(p->fts_path);
  				continue;
  			}
! 			if (chown(p->fts_accpath, uid, gid) && !fflag)
! 				chownerr(p->fts_path);
  		}
  		exit(retval);
  	}
  	while (*++argv)
! 		if (chown(*argv, uid, gid) && !fflag)
  			chownerr(*argv);
  	exit(retval);
  }
  
--- 130,152 ----
  				error(p->fts_path);
  				continue;
  			}
! #ifdef ONLYROOT
! 			if (chown(p->fts_accpath, (int)uid, (int)gid) && !(fflag))
! 				chownerr(p->fts_accpath);
! #else
! 			Chown(p->fts_accpath, (int)uid, (int)gid);
! #endif ONLYROOT
  		}
  		exit(retval);
  	}
  	while (*++argv)
! #ifdef ONLYROOT
! 		if (chown(*argv, (int)uid, (int)gid) && !(fflag))
  			chownerr(*argv);
+ #else
+ 
+ 		Chown(*argv, (int)uid, (int)gid);
+ #endif ONLYROOT
  	exit(retval);
  }
  
***************
*** 175,180 ****
--- 196,232 ----
  			exit(1);
  		}
  	}
+ }
+ 
+ int
+ Chown(path, owner, group)	/* as we run setuid(root), we must check */
+ char	*path;			/* file ownership and bit(s) suid/sgid   */
+ int	owner;
+ int	group;
+ {
+ 	struct	stat	st;
+ 	extern	int	errno;
+ 
+ 	if (stat(path, &st) == -1) {
+ 		perror(path);
+ 		exit(1);
+ 	}
+ 	
+ 	/* check for file ownership */
+ 	if (my_uid) {
+ 		if (st.st_uid != my_uid) {
+ 			errno = EPERM;
+ 			perror(path);
+ 			return -1;
+ 		}
+ 	}
+ 
+ 	/* clear bit s_uid and s_gid */
+ 	if (st.st_mode & (S_ISGID | S_ISUID))
+ 		(void) chmod(path, st.st_mode & ~(S_ISGID | S_ISUID));
+ 
+ 	if (chown(path, owner, group) && !fflag)
+ 		chownerr(path);
  }
  
  chownerr(file)

-- 
------------------------------------------ Piero Serini -----------
Computer Science Dept.            E-mail: serini@ghost.dsi.unimi.it   
Univ. Statale - Milano - ITALY    or: piero@strider.st.dsi.unimi.it
--------------- Public Key available via finger(1) ----------------