From d021ae3db5f795d160f23069fc36f4101a878f1a Mon Sep 17 00:00:00 2001 From: Guido van Rooij Date: Wed, 15 Oct 1997 18:28:34 +0000 Subject: [PATCH] On execing a sgid program, do not set P_SUGID when cr_gid and cr)_uid do not change. PR: 4755 Reviewed by: Bruce Evans --- sys/kern/kern_exec.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 29a53d18654..d72d3ab6744 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: kern_exec.c,v 1.65 1997/09/02 20:05:38 bde Exp $ + * $Id: kern_exec.c,v 1.66 1997/09/21 04:22:50 dyson Exp $ */ #include @@ -293,7 +293,8 @@ interpret: * Don't honor setuid/setgid if the filesystem prohibits it or if * the process is being traced. */ - if ((attr.va_mode & (VSUID | VSGID)) && + if ((attr.va_mode & VSUID && p->p_ucred->cr_uid != attr.va_uid || + attr.va_mode & VSGID && p->p_ucred->cr_gid != attr.va_gid) && (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 && (p->p_flag & P_TRACED) == 0) { /* @@ -312,7 +313,7 @@ interpret: if (attr.va_mode & VSUID) p->p_ucred->cr_uid = attr.va_uid; if (attr.va_mode & VSGID) - p->p_ucred->cr_groups[0] = attr.va_gid; + p->p_ucred->cr_gid = attr.va_gid; p->p_flag |= P_SUGID; } else { if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&