Fix from PR #2757:

execve() clears the P_SUGID process flag in execve() if the binary executed does not have suid or sgid permission bits set. This also happens when the effective uid is different from the real uid or the effective gid is different from the real gid. Under these circumstances, the process still has set id privileges and the P_SUGID flag should not be cleared. Submitted by: Tor Egge <Tor.Egge@idt.ntnu.no>
1997-02-19 03:51:34 +00:00 · 1997-02-19 03:51:34 +00:00 · e47bda0730
commit e47bda0730
parent 5dfbf82ffb
1 changed files with 3 additions and 1 deletions
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@ -285,7 +285,9 @@ execve(p, uap, retval)
 			p->p_ucred->cr_groups[0] = attr.va_gid;
 		p->p_flag |= P_SUGID;
 	} else {
-		p->p_flag &= ~P_SUGID;
+	        if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
+		    p->p_ucred->cr_gid == p->p_cred->p_rgid)
+			p->p_flag &= ~P_SUGID;
 	}

 	/*