>x:/usr/src/linux-2.0.x# grep "grp.*euid" `find -name "*.[ch]" -print`
>./kernel/sysctl.c: if (grp == current->euid)
>
>This is a bug, it has been fixed in 2.1.26 at least... (I just checked).
The patch was introduced in 2.1.12 (the routine was rewritten, so perhaps
the person responsible didn't notice and think about 2.0?)
-Chris
The patch for 2.1.12 is:
diff -u --recursive --new-file v2.1.11/linux/kernel/sysctl.c linux/kernel/sysctl.c
--- v2.1.11/linux/kernel/sysctl.c Sun Nov 10 20:12:19 1996
+++ linux/kernel/sysctl.c Fri Nov 22 11:50:57 1996
@@ -229,19 +229,23 @@
/* Like in_group_p, but testing against egid, not fsgid */
static int in_egroup_p(gid_t grp)
{
- int i;
-
- if (grp == current->euid)
- return 1;
-
- for (i = 0; i < NGROUPS; i++) {
- if (current->groups[i] == NOGROUP)
- break;
- if (current->groups[i] == grp)
- return 1;
+ if (grp != current->egid) {
+ int i = current->ngroups;
+ if (i) {
+ gid_t *groups = current->groups;
+ do {
+ if (*groups == grp)
+ goto out;
+ groups++;
+ i--;
+ } while (i);
+ }
+ return 0;
}
- return 0;
+out:
+ return 1;
}
+
/* ctl_perm does NOT grant the superuser all rights automatically, because
some sysctl variables are readonly even to root. */
static int test_perm(int mode, int op)