Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!princeton!udel!info-minix
From: ESC1332@ESOC.bitnet (K.Keyte)
Newsgroups: comp.os.minix
Subject: SETUID problems with mkdir & rmdir
Message-ID: <8707051653.a024161@Louie.UDEL.EDU>
Date: Sun, 5-Jul-87 19:00:39 EDT
Article-I.D.: Louie.8707051653.a024161
Posted: Sun Jul 5 19:00:39 1987
Date-Received: Sun, 5-Jul-87 22:49:12 EDT
Sender: usenet@udel.EDU
Distribution: world
Lines: 31
To: INFO-MINIX@UDEL.EDU

Of course everyone noticed, after a short time, that the 'cp' command doesn't maintain the SETUID bit. This is clearly for security. Setting the bit with chmod is no problem.

There is another problem, however, with the mkdir and rmdir. They are not normally SETUID (at least, not on UNIX). The SETUID bit is needed on MINIX because they call the mknod system service which is reserved for super-user only. To check that the user actually has the required access to the parent directory, mkdir performs an 'access' call. This is almost entirely useless because the setting of the SETUID means that the caller automatically gets a protection mode permission of 07 (meaning that all access modes are granted). So, the overall effect is that mkdir and rmdir can be used by anyone to create and remove directories anywhere!

This isn't right, and there are a number of possibilities. Has anyone tried anything, or got any ideas? I made an initial attempt by removing the effective super-user uid before the access call, but of course this means that real AND effective uids are then non super-user, i.e. you can't re-enable the super-user uid with setuid, and the subsequent mknod call fails!

The access call makes a further call to 'forbidden' with a flag set to indicate that it should check the REAL uid and not the EFFECTIVE uid. This is ignored, since the file system 'init' program automatically sets the super-user flag for any caller having an effective uid of the super-user.

It seems that the solution might be to steal access and modify it a bit, and use the new version inside mkdir and rmdir.

Please give me your comments. Perhaps I'm overlooking a more obvious solution, but if I'm not I'm quite prepared to make the changes and post them out.

PS: Are we actually allowed to mail Minix electronically (not the original source of course, but changes such as the one I've outlined above)?

Karl Keyte