Return to BSD News archive
Received: by minnie.vk1xwt.ampr.org with NNTP id AA5220 ; Tue, 22 Dec 92 13:00:22 EST Newsgroups: comp.unix.bsd Path: sserve!manuel.anu.edu.au!munnari.oz.au!metro!ipso!runxtsa!bde From: bde@runx.oz.au (Bruce Evans) Subject: Re: 386BSD - Bug in UFS file system + proposed fix Message-ID: <1992Dec21.081943.8395@runx.oz.au> Organization: RUNX Un*x Timeshare. Sydney, Australia. References: <1992Dec16.012248.8123@moxie.hou.tx.us> <1992Dec16.211422.3663@fcom.cc.utah.edu> Date: Mon, 21 Dec 92 08:19:43 GMT Lines: 60 In article <1992Dec16.211422.3663@fcom.cc.utah.edu> terry@cs.weber.edu (A Wizard of Earth C) writes: >In article <1992Dec16.012248.8123@moxie.hou.tx.us> hackney@moxie.hou.tx.us (Greg Hackney) writes: >>[ I posted this once, but I'm reasonably sure it didn't make it out ] >> >>There is a major bug in the 386BSD UFS code relating to file permissions. >>The major symptom is: >> >> Can't read most files that you don't own on a remote NFS 386BSD system, >> although there is public read permission, i.e.: >> >>-r--r--r-- 1 root other 5 Dec 15 19:15 /tmp/hell >> >>A very minor symptom is you can't read some LOCAL files, although >>there is public read permission, i.e. a file that looks like: >> >>-------r-- 1 root other 5 Dec 15 19:15 /tmp/hell >> >>[ This functionality seems broken on SunOS 4.1 too, but not on USL S5R4. ] > >[ ... fix deleted ... ] > >This fix seems a bad thing. In particular, you *don't* want to allow a >file which is world read or world execute to be read/executed by someone >who is a member of a group denied access. I think the fix is correct. It seems to be the same patch that I posted the other day, but is backwards. Fix undeleted: --- *** sys.386bsd/ufs/ufs_vnops.c.orig Tue Dec 15 19:07:09 1992 --- sys.386bsd/ufs/ufs_vnops.c Tue Dec 15 19:06:55 1992 *************** *** 201,207 **** found: ; } ! if ((ip->i_mode & mode) == mode) return (0); $eturn (EACCES); } --- 201,207 ---- found: ; } ! if ((ip->i_mode & mode) != 0) return (0); return (EACCES); } --- What is going on here? I think that the version in the ".orig" file is correct, but the version in the "new" file is what's already in 386BSD-0.1, and wrong. The patch is for access(). access() is supposed to check that all the bits (if any) are accessible (== mode) and not that at least one of the bits is accessible (!= 0). Checking all the modes should give more security unless access() is misused (are there any correct uses for access()? :-). -- Bruce Evans (bde@runx.oz.au)