Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!hao!oddjob!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: Setting process groups
Message-ID: <9587@mimsy.UUCP>
Date: Tue, 1-Dec-87 19:41:41 EST
Article-I.D.: mimsy.9587
Posted: Tue Dec 1 19:41:41 1987
Date-Received: Sat, 5-Dec-87 00:18:53 EST
References: <1765@unc.cs.unc.edu> <910@mcgill-vision.UUCP> <1261@saturn.ucsc.edu> <6305@ncoast.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 36

>As quoted from <1261@saturn.ucsc.edu> by haynes@ucscc.UCSC.EDU.ucsc.edu (99700000):
>| Incidentally, there's a security hole connected with setpgrp()
>| in that the system doesn't check whether the pgrp number you
>| proffer is already in use by somebody else.

In article <6305@ncoast.UUCP> allbery@ncoast.UUCP (Brandon Allbery) writes:
>...which is why System V won't let you set the pgrp to anything other than
>your pid.

That is the wrong test, but sufficient.

>Wonderful idea, by the way -- don't you get a warm glow from having posted
>an easily-exploited security hole to the Net? Please be more circumspect
>next time.

A closed hole:

	p = pfind(uap->pid);
	if (p == 0) {
		u.u_error = ESRCH;
		return;
	}
	/* need better control mechanisms for process groups */
	if (p->p_uid != u.u_uid && u.u_uid && !inferior(p)) {
		u.u_error = EPERM;
		return;
	}
	p->p_pgrp = uap->pgrp;

In 4.3BSD, you can setpgrp() only to an existing process that is yours
(unless you are root). The `inferior()' test lets setuid programs cross
uid boundaries as long as they stick within their process tree.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7690)
Domain: chris@mimsy.umd.edu Path: uunet!mimsy!chris
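
Added example (not part of the original post and not 4.3BSD source): a user-space C model of the permission test in the fragment above, run over a constructed five-process table so each branch (ESRCH, EPERM, same uid, root, inferior) can be observed. The struct, the table, the caller_pid parameter and the body of inferior() are assumptions made for illustration; the posted fragment takes the caller from the kernel's u area instead.

```c
#include <errno.h>
#include <stdio.h>

/* Toy process table (constructed sample data, not the 4.3BSD struct proc). */
struct proc { int pid, ppid, uid, pgrp; };
static struct proc table[] = {
    {1,   0,   0,   1},    /* init, root */
    {100, 1,   501, 100},  /* user 501's shell */
    {101, 100, 501, 100},  /* its child, same uid */
    {102, 101, 600, 100},  /* setuid program below it, different uid */
    {200, 1,   502, 200},  /* unrelated user 502's shell */
};

static struct proc *pfind(int pid) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].pid == pid) return &table[i];
    return NULL;
}

/* Assumed behaviour: true when p is the caller or one of its descendants. */
static int inferior(const struct proc *caller, const struct proc *p) {
    while (p != NULL && p != caller) {
        if (p->ppid == 0) return 0;      /* reached the top of the tree */
        p = pfind(p->ppid);
    }
    return p != NULL;
}

/* Same three-part test as the posted fragment; returns 0 or an errno value. */
static int model_setpgrp(int caller_pid, int pid, int pgrp) {
    struct proc *caller = pfind(caller_pid), *p = pfind(pid);
    if (caller == NULL || p == NULL) return ESRCH;
    if (p->uid != caller->uid && caller->uid != 0 && !inferior(caller, p))
        return EPERM;                    /* not yours, not root, not below you */
    p->pgrp = pgrp;
    return 0;
}

int main(void) {
    printf("own child:        %d\n", model_setpgrp(100, 101, 101));
    printf("other user:       %d (EPERM=%d)\n", model_setpgrp(200, 101, 200), EPERM);
    printf("inferior, uid !=: %d\n", model_setpgrp(100, 102, 101));
    printf("up the tree:      %d\n", model_setpgrp(102, 100, 102));
    printf("root:             %d\n", model_setpgrp(1, 200, 1));
    printf("no such pid:      %d (ESRCH=%d)\n", model_setpgrp(100, 999, 100), ESRCH);
    return 0;
}
```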