Subject: issetugid semantics differences
To: None <tech-kern@netbsd.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 07/02/2002 03:47:37

Hi.

The semantics of issetugid(2) on NetBSD are different from
OpenBSD/FreeBSD. Is this intended?
(To untaint the process, only execve is needed on NetBSD,
while setuid+execve are needed on the others.)

---
YAMAMOTO Takashi<yamt@mwd.biglobe.ne.jp>

Index: kern_exec.c
===================================================================
RCS file: /cvs/cvsroot/syssrc/sys/kern/kern_exec.c,v
retrieving revision 1.152
diff -u -p -r1.152 kern_exec.c
--- kern_exec.c	2002/04/23 15:11:25	1.152
+++ kern_exec.c	2002/07/01 18:45:09
@@ -642,7 +642,8 @@ sys_execve(struct proc *p, void *v, regi
 			p->p_ucred->cr_uid = attr.va_uid;
 		if (attr.va_mode & S_ISGID)
 			p->p_ucred->cr_gid = attr.va_gid;
-	} else
+	} else if (cred->cr_uid == p->p_cred->p_ruid &&
+		   cred->cr_gid == p->p_cred->p_rgid)
 		p->p_flag &= ~P_SUGID;
 	p->p_cred->p_svuid = p->p_ucred->cr_uid;
 	p->p_cred->p_svgid = p->p_ucred->cr_gid;
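
Review bot: The new `else if` condition reads the credentials through `cred` (`cred->cr_uid`, `cred->cr_gid`), while every unchanged line in this hunk, both the set-id branch above and the saved-id assignments below, goes through `p->p_ucred`. Nothing visible here shows where `cred` is assigned, so please confirm it still refers to the process's current credentials at this point, or write the test as `p->p_ucred->cr_uid == p->p_cred->p_ruid` (and likewise for the gid) so the comparison is unambiguous. Because this branch decides whether P_SUGID is cleared, and therefore what issetugid(2) reports after exec, a short comment above the condition stating the intended rule (keep the taint across execve unless the effective and real ids match) would help future readers, and the issetugid(2) manual page should be updated to describe the new behaviour.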
