Subject: pkg/9479: kermit 7.0.196 vs. NetBSD's /etc/ttyaction
To: None <gnats-bugs@gnats.netbsd.org>
From: None <onno@simplex.nl>
List: netbsd-bugs
Date: 02/24/2000 12:12:36
>Number:         9479
>Category:       pkg
>Synopsis:       ttyaction works against KERMIT_SUID_UUCP
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager (NetBSD software packages system bug manager)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Feb 24 12:12:00 2000
>Last-Modified:
>Originator:     Onno van der Linden
>Organization:
>Release:        1.4S
>Environment:
	
System: NetBSD sheep 1.4S NetBSD 1.4S (SHEEP) #0: Sun Feb 13 22:31:58 MET 2000 onno@sheep:/usr/src/sys/arch/i386/compile/SHEEP i386


>Description:
Installed the kermit 7.0.196 package with KERMIT_SUID_UUCP=YES in /etc/mk.conf.
My /etc/ttyaction file says:
ttyE0	login	chown $USER /dev/fd0[abcdefgh] /dev/rfd0[abcdefgh] /dev/tty0?
ttyE0	getty	chown root /dev/fd0[abcdefgh] /dev/rfd0[abcdefgh] /dev/tty0?

Which means that the following conflict rears its ugly head:
- able to write the lock file thanks to the suid uucp /usr/pkg/bin/kermit
- unable to open the modem line because of the suid uucp /usr/pkg/bin/kermit

If I do a chown uucp instead of chown $USER in /etc/ttyaction I'm unable
to run pppd .........
And I could make things writable for a group in /etc/ttyaction, but
I don't like that idea.




>How-To-Repeat:
Use the /etc/ttyaction above. Make and install the NetBSD kermit 7.0.196
package with KERMIT_SUID_UUCP=YES specified.
Run /usr/pkg/bin/kermit -l /dev/your_modem_line as a normal non-root user.
>Fix:
I've added an extra open() call in priv_opn() to first try things with
the real uid.

*** ckutio.c.orig	Thu Feb 24 20:38:44 2000
--- ckutio.c	Thu Feb 24 20:47:15 2000
***************
*** 12330,12336 ****
  priv_opn(name, modes) char *name; int modes; {
      int x;
-     priv_on();				/* Turn privileges on */
      x = open(name, modes);		/* Try to open the device */
!     priv_off();				/* Turn privileges off */
      return(x);				/* Return open's return code */
  }
--- 12330,12339 ----
  priv_opn(name, modes) char *name; int modes; {
      int x;
      x = open(name, modes);		/* Try to open the device */
!     if (x < 0) {
!       priv_on();			/* Turn privileges on */
!       x = open(name, modes);		/* Try to open the device */
!       priv_off();			/* Turn privileges off */
!     }
      return(x);				/* Return open's return code */
  }
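Review bot: The fallback at `if (x < 0)` retries with privileges on after any failure of the first open(), not only a permission failure, so an error such as a missing or busy device causes a second open() of the same line and the errno of the unprivileged attempt is lost. Consider restricting the retry to `errno == EACCES` (and possibly `EPERM`), which is the case the report describes, and returning the first result otherwise. The new code also depends on privileges already being off when priv_opn() is entered, so that the first open() really runs with the real uid; a comment stating that would help, and the two open() calls currently carry the identical comment "Try to open the device", which should distinguish the real-uid attempt from the privileged one.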
>Audit-Trail:
>Unformatted: