git: Fix chdir/fchdir for setuid/setgid binaries

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Wed Sep 30 08:18:39 PDT 2009


Simon Schubert wrote:
> commit 609c6f34fef1b0942cfff9f26bc1844a4858ad7c
> Author: Simon 'corecode' Schubert <corecode at fs.ei.tum.de>
> Date:   Wed Sep 30 17:02:24 2009 +0200
>     Fix chdir/fchdir for setuid/setgid binaries
>
>     Access checks for a directory have to be done using the euid/egid, not
>     the ruid/rgid.

There are certainly many more of these problems.  We need to address those before we roll 2.4.1.  I think we should audit all calls to VOP_ACCESS.  Also, I suggest creating VOP_RACCESS, removing VOP_EACCESS and making the effective id check default in VOP_ACCESS, since most permission checks in the kernel refer to the effective ids, and only select ones deal with the real ids.

cheers
 simon
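
A userland regression probe for the behaviour the commit message describes, added here as an example and not taken from the commit or from DragonFly's tree. It assumes the POSIX calls `access()` (which checks with the real ids) and `faccessat()` with `AT_EACCESS` (which checks with the effective ids). The two checks only differ when the binary is installed setuid/setgid and run by another user; `probe_dir` and `chdir_uses_effective_ids` are names made up for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

struct probe {
    int real_ok;   /* access(): search permission judged with ruid/rgid */
    int eff_ok;    /* faccessat(AT_EACCESS): judged with euid/egid */
    int chdir_ok;  /* what the kernel actually allowed */
};

/* Probe one directory (path must name a directory or not exist),
 * then restore the original working directory. */
static int probe_dir(const char *path, struct probe *p)
{
    int saved = open(".", O_RDONLY);
    if (saved < 0)
        return -1;
    p->real_ok  = access(path, X_OK) == 0;
    p->eff_ok   = faccessat(AT_FDCWD, path, X_OK, AT_EACCESS) == 0;
    p->chdir_ok = chdir(path) == 0;
    if (p->chdir_ok && fchdir(saved) != 0) {
        close(saved);
        return -1;
    }
    close(saved);
    return 0;
}

/* chdir() has to agree with the effective-id check, never the real-id one. */
static int chdir_uses_effective_ids(const struct probe *p)
{
    return p->chdir_ok == p->eff_ok;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/";
    struct probe p;
    if (probe_dir(path, &p) != 0) {
        perror("probe_dir");
        return 2;
    }
    printf("ruid=%ld euid=%ld real=%d effective=%d chdir=%d\n",
           (long)getuid(), (long)geteuid(), p.real_ok, p.eff_ok, p.chdir_ok);
    return chdir_uses_effective_ids(&p) ? 0 : 1;
}
```

Exit status 1 means chdir() disagreed with the effective-id check for that directory.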



