ISC 2.2.1 groups != Sun/BSD groups (+ patch)
Uwe Doering
gemini at geminix.in-berlin.de
Sun Apr 7 01:40:13 AEST 1991
tan at bronson.uucp (Tan Bronson) writes:
> The 2.2.1 concept of groups seems to be either broken or different
> than BSD's. BSD uses multiple groups for file permission/access checking,
> but on 2.2.1 being a member of groups other than one's login group
> does not allow one to get access to files in those other groups!
This only works if you switch the whole kernel into POSIX mode. This is
done with the help of a special start-up file (*crtp*.o) that is linked
with your program instead of the standard start-up file. In this
POSIX start-up file there is a call to the POSIX function __setostype().
This sets the `u_ostype' variable in the user structure (look at
/usr/include/sys/user.h) to `1', and from then on the kernel works
in POSIX mode (only for this process!) until the process dies.
Unfortunately, running programs that are compiled for the SysVr3
environment in POSIX mode won't work in many cases because there are
plenty of incompatibilities between SysVr3 and POSIX. That is, even
compiling these programs with the POSIX start-up file and POSIX library
won't help because most software relies on a certain behavior of your
operating system if you tell it that you have a SysVr3 UNIX version.
For instance, giving away file ownership to other users is allowed
for every user under SysVr3. Under POSIX, only root can do that.
And there are lots of other problems like this. Therefore, many
applications will break.
After realizing this I concluded that the only way to enable the
group vector feature independently from the POSIX switch in the
user area was to patch the responsible kernel module. And this
is exactly what I did. Go to the directory /etc/conf/pack.d/s5
and apply the following patch to `Driver.o' (after making a
backup of this file):
This is for ISC 2.2.1 with the security fix installed (SSU.15).
The original code looks like this:
------------------------- cut here ---------------------------
2b1f: 3b c2 cmpl %edx,%eax
[%edx,%eax]
2b21: 0f 84 ff 00 00 00 je 0xff <2c26>
[0x2c26]
2b27: 0f be 05 6c 14 00 00 movsbl 0x146c,%eax
[0x146c,%eax]
2b2e: 3d 01 00 00 00 cmpl $0x1,%eax
[$0x1,%eax]
2b33: 0f 85 e6 00 00 00 jne 0xe6 <2c1f>
[0x2c1f]
2b39: a1 70 14 00 00 movl 0x1470,%eax
[0x3fae,%eax]
2b3e: 89 45 f8 movl %eax,0xf8(%ebp)
[%eax,-8+%ebp]
2b41: c7 45 fc 00 00 00 00 movl $0x0,0xfc(%ebp)
[$0x0,-4+%ebp]
2b48: e9 9c 00 00 00 jmp 0x9c <2be9>
[0x2be9]
2b4d: 90 nop
[]
2b4e: 90 nop
[]
2b4f: 90 nop
[]
------------------------- cut here ---------------------------
and
------------------------- cut here ---------------------------
4a08: 3b c2 cmpl %edx,%eax
[%edx,%eax]
4a0a: 0f 84 b6 00 00 00 je 0xb6 <4ac6>
[0x4ac6]
4a10: 0f be 05 6c 14 00 00 movsbl 0x146c,%eax
[0x146c,%eax]
4a17: 3d 01 00 00 00 cmpl $0x1,%eax
[$0x1,%eax]
4a1c: 0f 85 a1 00 00 00 jne 0xa1 <4ac3>
[0x4ac3]
4a22: a1 70 14 00 00 movl 0x1470,%eax
[0x5e97,%eax]
4a27: 89 45 f8 movl %eax,0xf8(%ebp)
[%eax,-8+%ebp]
4a2a: c7 45 fc 00 00 00 00 movl $0x0,0xfc(%ebp)
[$0x0,-4+%ebp]
4a31: eb 5a jmp 0x5a <4a8d>
[0x4a8d]
4a33: 90 nop
[]
------------------------- cut here ---------------------------
After the patch it looks like this:
------------------------- cut here ---------------------------
2b1f: 3b c2 cmpl %edx,%eax
[%edx,%eax]
2b21: 0f 84 ff 00 00 00 je 0xff <2c26>
[0x2c26]
2b27: 0f be 05 6c 14 00 00 movsbl 0x146c,%eax
[0x146c,%eax]
2b2e: 3d 01 00 00 00 cmpl $0x1,%eax
[$0x1,%eax]
2b33: 90 nop
[]
2b34: 90 nop
[]
2b35: 90 nop
[]
2b36: 90 nop
[]
2b37: 90 nop
[]
2b38: 90 nop
[]
2b39: a1 70 14 00 00 movl 0x1470,%eax
[0x3fae,%eax]
2b3e: 89 45 f8 movl %eax,0xf8(%ebp)
[%eax,-8+%ebp]
2b41: c7 45 fc 00 00 00 00 movl $0x0,0xfc(%ebp)
[$0x0,-4+%ebp]
2b48: e9 9c 00 00 00 jmp 0x9c <2be9>
[0x2be9]
2b4d: 90 nop
[]
2b4e: 90 nop
[]
2b4f: 90 nop
[]
------------------------- cut here ---------------------------
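Review bot: the six 0x90 bytes at 2b33..2b38 replace the six-byte `0f 85 e6 00 00 00` jne exactly, so 2b39 and everything after it keep their offsets and the `cmpl $0x1,%eax` at 2b2e becomes a dead compare whose flags nothing reads; that is the right way to do it, but the listing should say how to find the spot. 2b33 is the address printed by the disassembler, and nothing here says whether it is a file offset into Driver.o; someone with a hex editor is safer searching for the 18-byte sequence `0f be 05 6c 14 00 00 3d 01 00 00 00 0f 85 e6 00 00 00`, confirming it occurs once, and overwriting only its last six bytes.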
and
------------------------- cut here ---------------------------
4a08: 3b c2 cmpl %edx,%eax
[%edx,%eax]
4a0a: 0f 84 b6 00 00 00 je 0xb6 <4ac6>
[0x4ac6]
4a10: 0f be 05 6c 14 00 00 movsbl 0x146c,%eax
[0x146c,%eax]
4a17: 3d 01 00 00 00 cmpl $0x1,%eax
[$0x1,%eax]
4a1c: 90 nop
[]
4a1d: 90 nop
[]
4a1e: 90 nop
[]
4a1f: 90 nop
[]
4a20: 90 nop
[]
4a21: 90 nop
[]
4a22: a1 70 14 00 00 movl 0x1470,%eax
[0x5e97,%eax]
4a27: 89 45 f8 movl %eax,0xf8(%ebp)
[%eax,-8+%ebp]
4a2a: c7 45 fc 00 00 00 00 movl $0x0,0xfc(%ebp)
[$0x0,-4+%ebp]
4a31: eb 5a jmp 0x5a <4a8d>
[0x4a8d]
4a33: 90 nop
[]
------------------------- cut here ---------------------------
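Review bot: same byte-exact replacement at 4a1c..4a21 (`0f 85 a1 00 00 00` becomes six 0x90). The `je 0xb6 <4ac6>` at 4a0a is untouched, so the path that skips the whole check when `cmpl %edx,%eax` matches is unchanged and only the u_ostype gate is removed; worth stating that explicitly. Also worth noting that the 2b27 and 4a10 sites share their first twelve bytes (movsbl 0x146c,%eax; cmpl $0x1,%eax), so anyone locating the jne by byte search must include the differing rel32 (e6 versus a1) to tell the two sites apart.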
In words: I simply eliminated two conditional jumps so that the
code for the group vector checking is always executed. You should
be able to apply this patch with any binary file editor. Of course,
I give you _no_ guarantee that this patch will work for you or that
it won't crash your system. However, for me this works like a charm.
Of course, the group vector must be set before you can use it. This
is done by the `login' program. I haven't checked whether the
original ISC `login' has the necessary initgroups() function call
in it (from `libcposix.a') because I use a PD login program. If
`login' sets the group vector, all of its child processes (including
the execed login shell) will use it. Nice feature.
It's really sad that ISC didn't make this really useful feature
configurable independently from the POSIX switch, for instance by a
variable in /etc/conf/pack.d/s5/space.c. :-(
Have fun!
Uwe
--
Uwe Doering | INET : gemini at geminix.in-berlin.de
Berlin |----------------------------------------------------------------
Germany | UUCP : ...!unido!fub!geminix.in-berlin.de!gemini
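Two added examples follow. Neither is part of Uwe's post and neither is ISC code; the function names and the modelling are the editor's assumptions.

The first models the permission check the post is about: a user-space version of the owner/group/other test in which an `ostype` field plays the role of the `u_ostype` switch. With OSTYPE_SYSV only the effective (login) gid is consulted; with OSTYPE_POSIX the supplementary group vector from getgroups(2) is consulted as well, which is the branch the kernel patch makes unconditional. The `main` compares both modes with what access(2) reports for a path using the caller's real credentials (run it as a non-root user, since access(2) short-circuits for root and the model deliberately does not).

```c
/* Added example, not from the post and not ISC kernel code: a model of a
 * UNIX permission check with the `u_ostype' gate from the post.  Names
 * and structure are the editor's assumptions. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

#define OSTYPE_SYSV  0
#define OSTYPE_POSIX 1
#define MAXGROUPS    32

struct creds {
    uid_t uid;                 /* uid used for the check */
    gid_t gid;                 /* login (effective) gid */
    gid_t groups[MAXGROUPS];   /* supplementary group vector */
    int   ngroups;
    int   ostype;              /* model of u_ostype: 0 = SysVr3, 1 = POSIX */
};

/* Is fgid one of the process's groups?  The loop over the group vector
 * is the part the kernel patch makes unconditional; in SysV mode only
 * the login group counts. */
int groupmember(const struct creds *c, gid_t fgid)
{
    if (fgid == c->gid)
        return 1;
    if (c->ostype != OSTYPE_POSIX)   /* the gate the post's patch removes */
        return 0;
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == fgid)
            return 1;
    return 0;
}

/* Owner/group/other check.  `want' is a mask of R_OK|W_OK|X_OK, whose
 * values (4, 2, 1) line up with the rwx bits of each mode triad.
 * Root is not special-cased so the group decision is what you see.
 * Returns 1 if access would be granted, 0 otherwise. */
int check_access(const struct creds *c, uid_t fuid, gid_t fgid,
                 mode_t mode, int want)
{
    int bits;
    if (c->uid == fuid)
        bits = (mode >> 6) & 7;
    else if (groupmember(c, fgid))
        bits = (mode >> 3) & 7;
    else
        bits = mode & 7;
    return (bits & want) == want;
}

/* Compare the model in both modes with access(2) for argv[1] (default ".").
 * access(2) checks with the real ids, so the model uses getuid/getgid. */
int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : ".";
    struct stat st;
    struct creds c;
    if (stat(path, &st) != 0) { perror(path); return 1; }
    c.uid = getuid();
    c.gid = getgid();
    c.ngroups = getgroups(MAXGROUPS, c.groups);
    if (c.ngroups < 0) { perror("getgroups"); return 1; }
    for (c.ostype = OSTYPE_SYSV; c.ostype <= OSTYPE_POSIX; c.ostype++)
        printf("%s mode: model says %s\n",
               c.ostype == OSTYPE_POSIX ? "POSIX" : "SysV",
               check_access(&c, st.st_uid, st.st_gid, st.st_mode, R_OK)
                   ? "readable" : "not readable");
    printf("access(2) says %s\n",
           access(path, R_OK) == 0 ? "readable" : "not readable");
    return 0;
}
```

If the kernel honours the group vector, access(2) agrees with the POSIX-mode line for a file that is group-readable by one of your supplementary groups; on an unpatched ISC 2.2.1 running a SysVr3 process it would agree with the SysV-mode line instead.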
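The second added example is a verify-before-write patcher for the two jne instructions shown in the listings. It is not Uwe's tool and not an ISC tool. It does not seek to 0x2b33 or 0x4a1c, because those are the addresses the disassembler printed and the post does not say whether they are file offsets into Driver.o; instead it searches the file for the exact 18-byte sequence of each site (movsbl 0x146c,%eax; cmpl $0x1,%eax; jne rel32), copied from the "original code" listings for SSU.15, and refuses to write anything unless every sequence occurs exactly once. It writes to a separate output file, so the original stays as the backup the post asks for.

```c
/* Added example, not from the post: patch the two `jne' sites in Driver.o
 * by byte-pattern search rather than by offset.  The patterns are taken
 * from the SSU.15 listings in the post; whether they match any other
 * release is not known. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define JNE_LEN 6   /* 0f 85 rel32 */

struct site {
    const char *name;
    unsigned char pat[18];   /* movsbl (7) + cmpl (5) + jne (6) */
};

/* Byte sequences copied from the "original code" listings. */
static const struct site sites[] = {
    { "2b27..2b38", { 0x0f,0xbe,0x05,0x6c,0x14,0x00,0x00,
                      0x3d,0x01,0x00,0x00,0x00,
                      0x0f,0x85,0xe6,0x00,0x00,0x00 } },
    { "4a10..4a21", { 0x0f,0xbe,0x05,0x6c,0x14,0x00,0x00,
                      0x3d,0x01,0x00,0x00,0x00,
                      0x0f,0x85,0xa1,0x00,0x00,0x00 } },
};
#define NSITES (sizeof sites / sizeof sites[0])
#define PATLEN (sizeof sites[0].pat)

/* Count occurrences of pat in buf and remember where the first one is. */
static size_t count_matches(const unsigned char *buf, size_t len,
                            const unsigned char *pat, size_t plen,
                            size_t *first)
{
    size_t n = 0;
    if (len < plen)
        return 0;
    for (size_t i = 0; i + plen <= len; i++) {
        if (memcmp(buf + i, pat, plen) == 0) {
            if (n == 0)
                *first = i;
            n++;
        }
    }
    return n;
}

/* Replace the jne at the end of each site with six NOPs (0x90), which
 * keeps every following instruction at its original offset.  Returns the
 * number of sites patched, or -1 with the buffer untouched if any site
 * is missing or ambiguous.  A second run over an already patched buffer
 * therefore returns -1 instead of silently "succeeding". */
int patch_driver(unsigned char *buf, size_t len)
{
    size_t pos[NSITES];
    for (size_t s = 0; s < NSITES; s++) {
        size_t n = count_matches(buf, len, sites[s].pat, PATLEN, &pos[s]);
        if (n != 1) {
            fprintf(stderr, "site %s: %zu matches, expected 1; not patching\n",
                    sites[s].name, n);
            return -1;
        }
    }
    for (size_t s = 0; s < NSITES; s++)
        memset(buf + pos[s] + PATLEN - JNE_LEN, 0x90, JNE_LEN);
    return (int)NSITES;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s Driver.o Driver.o.patched\n", argv[0]);
        return 2;
    }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 1; }
    fseek(f, 0, SEEK_END);
    long len = ftell(f);
    rewind(f);
    unsigned char *buf = malloc(len > 0 ? (size_t)len : 1);
    if (!buf || fread(buf, 1, (size_t)len, f) != (size_t)len) {
        perror("read");
        return 1;
    }
    fclose(f);
    if (patch_driver(buf, (size_t)len) < 0)
        return 1;
    FILE *o = fopen(argv[2], "wb");
    if (!o || fwrite(buf, 1, (size_t)len, o) != (size_t)len) {
        perror(argv[2]);
        return 1;
    }
    fclose(o);
    printf("patched %zu sites, wrote %s\n", NSITES, argv[2]);
    return 0;
}
```

Usage: `./patchdrv /etc/conf/pack.d/s5/Driver.o Driver.o.patched`, then compare the two with cmp to confirm that exactly twelve bytes differ before installing the patched object.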
More information about the Comp.unix.sysv386 mailing list