Path: utzoo!mnetor!uunet!husc6!cmcl2!rutgers!clyde!watmath!cantuar!james From: james@cantuar.UUCP (J. Collier) Newsgroups: comp.unix.wizards Subject: Re: Setting process groups Message-ID: <251@cantuar.UUCP> Date: 9 Dec 87 14:11:17 GMT References: <10663@brl-adm.ARPA> <13102@comp.vuw.ac.nz> Reply-To: james@cantuar.UUCP (J. Collier) Organization: University of Canterbury, Christchurch, New Zealand Lines: 37 Keywords: security setpgrp Expires: Sender: Followup-To: Distribution: Chris Torek (chris@mimsy.uucp) writes (from the unix-wizards digest): > >In article <13102@comp.vuw.ac.nz> duncan@comp.vuw.ac.nz (Duncan McEwan) writes: >>BTW, while I was playing around with this, I noticed that the man page >>for setpgrp(2) does not say it is an error to put yourself in an existing >>process group. >> (extract from setpgrp(2) manual entry) > [EPERM] > The effective user ID of the requested process is different > from that of the caller and the process is not a descendent > of the calling process. >So it is implicit in the section listing for `EPERM'. I don't understand the relevance of this. Perhaps I'm mis-reading Chris's article; if not.. Surely the `EPERM' section refers only to the ownership of the calling process and the target process [ie the process specified by the first argument to setpgrp()]. As Duncan says, the 4.3 BSD code does not check the requested process group. Duncan continues: >Not that this causes any harm anyway - if you try to killpg a process group >containing processes that don't belong to you, only your own get killed [..] In BSD [at least] I believe the criminally gifted can still find modest uses for setpgrp() in combination with one or two rather more serious security flaws. I'm not sure if it can be considered a problem on its own, though, and it would probably be expensive to tighten. Comments? [Aside: I once tried using setpgrp()/getpgrp() for IPC in a program where process groups were not needed for the usual purposes - instant parameterised signals, and cheap too!] ------------------------- James Collier Internet(ish): james@cantuar.{uucp,nz} Computer Science Dept., UUCP: {watmath,munnari,mcvax}!cantuar!james University of Canterbury, Spearnet/Janet: j.collier@nz.ac.canty Christchurch, New Zealand. Office: +64 3 482 009 x8356 Home: +64 3 554 025