Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!hao!oddjob!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: Setting process groups
Message-ID: <9587@mimsy.UUCP>
Date: Tue, 1-Dec-87 19:41:41 EST
Article-I.D.: mimsy.9587
Posted: Tue Dec  1 19:41:41 1987
Date-Received: Sat, 5-Dec-87 00:18:53 EST
References: <1765@unc.cs.unc.edu> <910@mcgill-vision.UUCP> <1261@saturn.ucsc.edu> <6305@ncoast.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 36

>As quoted from <1261@saturn.ucsc.edu> by haynes@ucscc.UCSC.EDU.ucsc.edu (99700000):
>| Incidentally, there's a security hole connected with setpgrp()
>| in that the system doesn't check whether the pgrp number you
>| proffer is already in use by somebody else.

In article <6305@ncoast.UUCP> allbery@ncoast.UUCP (Brandon Allbery) writes:
>...which is why System V won't let you set the pgrp to anything other than
>your pid.

That is the wrong test, but sufficient.

>Wonderful idea, by the way -- don't you get a warm glow from having posted
>an easily-exploited security hole to the Net?  Please be more circumspect
>next time.

A closed hole:

	p = pfind(uap->pid);
	if (p == 0) {
		u.u_error = ESRCH;
		return;
	}
/* need better control mechanisms for process groups */
	if (p->p_uid != u.u_uid && u.u_uid && !inferior(p)) {
		u.u_error = EPERM;
		return;
	}
	p->p_pgrp = uap->pgrp;

In 4.3BSD, you can setpgrp() only to an existing process that is
yours (unless you are root).  The `inferior()' test lets setuid
programs cross uid boundaries as long as they stick within their
process tree.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7690)
Domain:	chris@mimsy.umd.edu	Path:	uunet!mimsy!chris
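
Added example, not part of the original post and not kernel source: a user-space C model of the permission test in the excerpt above, run against a constructed process table. The names model_setpgrp and pgrp_of, the explicit caller argument (standing in for u.u_procp and u.u_uid), the parent-link walk inside inferior(), and the sample pids and uids are all assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model; field names follow the excerpt. */
struct proc {
    int p_pid, p_uid, p_pgrp;
    struct proc *p_pptr;            /* parent; NULL above init */
};

#define NPROC 5
/* Constructed sample process table, not data from the post. */
static struct proc ptab[NPROC] = {
    { 1,   0,    1,   NULL },       /* init */
    { 100, 1000, 100, &ptab[0] },   /* user A's shell */
    { 101, 1000, 100, &ptab[1] },   /* A's ordinary child */
    { 102, 0,    100, &ptab[1] },   /* setuid-root program started by A */
    { 200, 2000, 200, &ptab[0] },   /* user B's shell */
};

static struct proc *pfind(int pid) {
    for (size_t i = 0; i < NPROC; i++)
        if (ptab[i].p_pid == pid) return &ptab[i];
    return NULL;
}

/* Assumed behaviour: true if p is the caller or one of its descendants. */
static int inferior(const struct proc *p, const struct proc *caller) {
    for (; p != NULL; p = p->p_pptr)
        if (p == caller) return 1;
    return 0;
}

/* Returns 0 or an errno value, standing in for u.u_error. */
int model_setpgrp(int caller_pid, int pid, int pgrp) {
    struct proc *caller = pfind(caller_pid), *p = pfind(pid);
    if (caller == NULL || p == NULL) return ESRCH;
    if (p->p_uid != caller->p_uid && caller->p_uid && !inferior(p, caller))
        return EPERM;               /* other uid, not root, outside the tree */
    p->p_pgrp = pgrp;
    return 0;
}

int pgrp_of(int pid) { struct proc *p = pfind(pid); return p ? p->p_pgrp : -1; }

int main(void) {
    printf("A -> B's shell: %d\n", model_setpgrp(100, 200, 100));
    printf("A -> own setuid child: %d\n", model_setpgrp(100, 102, 102));
    return 0;
}
```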