mkdir and access(2)

Chris Torek chris at mimsy.UUCP
Sun Mar 27 06:32:55 AEST 1988 

In article <368 at wsccs.UUCP> terry at wsccs.UUCP (terry) writes:
>... for instance, if mknod() had to be done by root, as the only user
>capable of modifying a file system, as is the case in a number of recent
>UNIX implimentations.  Your "mkdir" command would have to be SUID root,
>but still be able to tell who actually ran it.

This is precisely the problem.  When a setuid program is running
and needs to make a new directory, it must (on these systems) run
the `mkdir' program.  That setuid program's permissions are in
fact those of the EFFECTIVE user, not the real user; but mkdir
will check only the permissions of the real user.  Often this is
not what is desired.  Example:

	% ls -l foo
	-rwsr-xr-x  1 jane   misc   12345 Mar 26 14:27 foo
	% cat foo.c
		...
	int
	mkdir(dirname)		/* not quite right */
		char *dirname;
	{
		char buf[1000];

		(void) sprintf(buf, "/bin/mkdir %s", dirname);
		if (system(buf) == 0)
			return (0);
		errno = EPERM;	/* wrong! must scan output from /bin/mkdir */
		return (-1);
	}
		...
		realuser = uid_to_name(getuid());
		if (chdir("/tmp/jane/foousers") < 0) ...
		if (stat(realuser, &st) < 0 && errno == ENOENT)
			err = mkdir(realuser);
		...
	% ls -ldg /tmp/jane/foousers
	drwxr-xr-x  3 jane   misc     512 Mar 25 17:34 foousers
	% whoami
	joe
	% ./foo
	mkdir: joe: Not owner		(or is it Permission denied?)
	%

There is a way around it, but it is ugly:

		if (stat(realuser, &st) < 0 && errno == ENOENT) {
			/* BEGIN mkdir */
			int pid, w, status;
			switch (pid = fork()) {
			case -1:	/* error */
				...
			case 0:		/* child */
				(void) setgid(getgid());
				(void) setuid(getuid());
				_exit(mkdir(realuser) == 0 ? 0 : errno);
				/*NOTREACHED*/
			default:	/* parent */
				while ((w = wait(&status)) != pid)
					if (w == -1)
						uh oh.
				break;
			}
			err = status == 0 ? 0 : -1;
			if (err)
				errno = status >> 8;
			/* END mkdir */
		}

The above can be done.  It just is not done often enough.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris at mimsy.umd.edu	Path:	uunet!mimsy!chris

More information about the Comp.unix.questions mailing list