Path: utzoo!mnetor!uunet!husc6!cmcl2!rutgers!clyde!watmath!cantuar!james
From: james@cantuar.UUCP (J. Collier)
Newsgroups: comp.unix.wizards
Subject: Re: Setting process groups
Message-ID: <251@cantuar.UUCP>
Date: 9 Dec 87 14:11:17 GMT
References: <10663@brl-adm.ARPA> <13102@comp.vuw.ac.nz>
Reply-To: james@cantuar.UUCP (J. Collier)
Organization: University of Canterbury, Christchurch, New Zealand
Lines: 37
Keywords: security setpgrp
Expires:

Sender:

Followup-To:

Distribution:


Chris Torek (chris@mimsy.uucp) writes (from the unix-wizards digest):
>
>In article <13102@comp.vuw.ac.nz> duncan@comp.vuw.ac.nz (Duncan McEwan) writes:
>>BTW, while I was playing around with this, I noticed that the man page
>>for setpgrp(2) does not say it is an error to put yourself in an existing
>>process group.
>>
    (extract from setpgrp(2) manual entry)
>       [EPERM]
>       The effective user ID of the requested process is different
>       from that of the caller and the process is not a descendent
>       of the calling process.
>So it is implicit in the section listing for `EPERM'.

   I don't understand the relevance of this. Perhaps I'm mis-reading
Chris's article; if not..
   Surely the `EPERM' section refers only to the ownership of the
calling process and the target process [ie the process specified by the
first argument to setpgrp()]. As Duncan says, the 4.3 BSD code does not
check the requested process group.

Duncan continues:
>Not that this causes any harm anyway - if you try to killpg a process group
>containing processes that don't belong to you, only your own get killed [..]
   In BSD [at least] I believe the criminally gifted can still find modest
uses for setpgrp() in combination with one or two rather more serious
security flaws. I'm not sure if it can be considered a problem on its
own, though, and it would probably be expensive to tighten. Comments?

   [Aside: I once tried using setpgrp()/getpgrp() for IPC in a
program where process groups were not needed for the usual purposes -
instant parameterised signals, and cheap too!]
-------------------------
James Collier              Internet(ish):  james@cantuar.{uucp,nz}
Computer Science Dept.,    UUCP:           {watmath,munnari,mcvax}!cantuar!james
University of Canterbury,  Spearnet/Janet: j.collier@nz.ac.canty
Christchurch, New Zealand. Office: +64 3 482 009 x8356  Home: +64 3 554 025