For those who don't have enough time to download it, I put here the part of
the documentation where it is mentioned how I modified setuid()...

WHAT'S GOING ON WITH setuid(2) AND setgid(2)?

This patch modifies the behaviour of these syscalls. Normal setuid(2)
drops all its privileges if it was called by root, but doesn't if it
was called by a normal user. Yes, it's because of POSIX.

But now let's look at zgv. It is written as if it was suid-root. So it
calls ioperm and then calls setuid to drop all its root privileges.
But now, what if we make zgv suid to the 'svga' user? Our uid is other than 0,
so setuid won't change the 'saved uid' and thus the user will be able to setuid
back to the 'svga' user! Let's suppose we didn't turn the 'access only to graphics
card' option on. Now the user has access to every device in the system!

So I changed it. Now every setuid drops all of the previous user's privileges
and doesn't let you setuid back. It's safe. It's logical. But it's not
compatible with POSIX. What a shame...

Regards,
-- Michal Kosek & Eryk Schiller
You should pay homage to my homepage http://www.v-lo.krakow.pl/klasa4e/dziady3.html
(For Polish Linux lovers - rest won't understand...;)
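
The saved-uid behaviour described in the message above, as an added C example that is not part of the original post or of the patch: a set-uid program that is not set-uid root can drop its privileges without a kernel change by setting the real, effective and saved UID together with setresuid(2), then checking that the old identity is unreachable. The function names `privileged_uid_reachable` and `drop_uid_permanently` are hypothetical, and a Linux system with setresuid/getresuid is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* setresuid/getresuid are extensions */
#endif
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototypes so the block also builds when feature macros were
   already fixed by an earlier include. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Returns 1 if the effective or saved UID still differs from the real UID
   (a privileged identity is still reachable), 0 if not, -1 on error. */
int privileged_uid_reachable(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return (e != r || s != r) ? 1 : 0;
}

/* Permanently become the real (invoking) user.
   Returns 0 on success, -1 if the drop failed or can be undone. */
int drop_uid_permanently(void)
{
    uid_t target = getuid();
    uid_t old_euid = geteuid();

    /* Set real, effective AND saved UID. A plain setuid() called with a
       non-root effective UID leaves the saved UID untouched. */
    if (setresuid(target, target, target) != 0)
        return -1;
    if (privileged_uid_reachable() != 0)
        return -1;
    /* Try to switch back as in the zgv scenario: this must fail.
       Skipped when the invoking user is root, who may set any UID. */
    if (old_euid != target && target != 0 &&
        setresuid((uid_t)-1, old_euid, (uid_t)-1) == 0)
        return -1;
    return 0;
}

int main(void)
{
    return drop_uid_permanently() == 0 ? 0 : 1;
}
```

Group IDs need the same treatment with setresgid(2), and they must be dropped before the user IDs while the process may still change them.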