>Number:         18771
>Category:       pkg
>Synopsis:       mtools setgid setup doesn't work
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 22 12:49:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Hertel
>Release:        NetBSD 1.6, pkgsrc/sysutils/mtools/Makefile v1.25 2001/11/29 01:12:48
>Organization:
>Environment:
System: NetBSD bayta.home 1.6 NetBSD 1.6 (BAYTA) #1: Mon Sep 23 13:19:50 CEST 2002 src@bayta.home:/usr/src/sys/arch/i386/compile/BAYTA i386
Architecture: i386
Machine: i386
>Description:
mtools drops its privileges so thoroughly that it can't regain its
original effective group id for opening the device file. This
defeats the "setgid mtools" setup that is mentioned in the
documentation and described in the comment above Setuid() in
privileges.c.
>How-To-Repeat:
root# echo 'mtools:*:200:' >> /etc/group
root# chgrp mtools /usr/pkg/bin/mtools
root# chmod 2555 /usr/pkg/bin/mtools
root# chgrp mtools /dev/fd0b
root# chmod 660 /dev/fd0b
root# echo 'drive a: file="/dev/fd0b" privileged=1' > /usr/pkg/etc/mtools.conf
user$ mdir a:
gives
Can't open /dev/fd0b: Permission denied
Cannot initialize 'A:'
>Fix:
Add this file to the patches directory:
--- privileges.c.orig   Sat Mar 27 09:29:38 1999
+++ privileges.c
@@ -68,7 +68,7 @@ void reclaim_privs(void)
 {
        if(noPrivileges)
                return;
-       setgid(egid);
+       setegid(egid);
        Setuid(euid);
        print_privs("after reclaim privs, both uids should be 0 ");
 }
@@ -76,7 +76,7 @@ void reclaim_privs(void)
 void drop_privs(void)
 {
        Setuid(ruid);
-       setgid(rgid);
+       setegid(rgid);
        print_privs("after drop_privs, real should be 0, effective should not ");
 }
>Release-Note:
>Audit-Trail:
>Unformatted: