Hello, [I am now not subscribing this list. Please Cc to me if necessary.]
Excuse me for replying this late! Thank you for committing the patch to allow luit to be setuid'ed on FreeBSD (and probably other BSD-like operating systems, but I am not sure): http://cvsweb.xfree86.org/cvsweb/xc/programs/luit/sys.c#rev1.8 The problem is: the fix is not sufficient on FreeBSD. On FreeBSD, "BSD" macro is defined in <sys/param.h> and the sys.c rev 1.8 fails to find it. I failed to notice it by now because of some silly mistakes I made; please do not ask about it.... Please consider applying the attached patch (sys.c.diff) against CVS HEAD. It solved the problem on my FreeBSD 4.8-RELEASE-p* environment. I did not test it on a FreeBSD 5.x box because I do not have one. I have written this patch according to: http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/porting-versions.html and I hope it will not break the compilation on other operating systems than FreeBSD. Best regards, Tsuyoshi --- ITO Tsuyoshi <[EMAIL PROTECTED]> --- --- Dept. of Computer Science, University of Tokyo. --- From: Juliusz Chroboczek <[EMAIL PROTECTED]> Subject: Re: Some patches to luit Date: 14 Mar 2003 21:12:00 +0100 > IT> I am fine if luit searches /dev/pty[p-zP-T][0-9a-v] instead of > IT> /dev/pty[p-zP-T][0-9a-f]. > > Fine. I'll send a patch straight away. > > IT> From what I've learned from a quick search, FreeBSD's and POSIX's > IT> setuid are different only when called from processes which are > IT> setuid'ed to other user than root. Am I wrong? > > No, you're right. Sorry for that, I was confused; it looks actually > like the 4.4BSD (not 4.3BSD) semantics makes more sense than the Posix > saved IDs one. > > It looks like it's safe to remove the check for _POSIX_SAVED_IDS. > I'll send a patch. > > IT> I do not know what happens if luit with luit-freebsd.patch is > IT> setuid'ed to a non-root user. > > It looks like it's a security hole on _POSIX_SAVED_IDS systems. > > Juliusz
Index: sys.c =================================================================== RCS file: /cvs/xc/programs/luit/sys.c,v retrieving revision 1.8 diff -u -r1.8 sys.c --- sys.c 2003/04/03 16:44:36 1.8 +++ sys.c 2003/08/17 07:24:31 @@ -68,6 +68,10 @@ #include <stropts.h> #endif +#if (defined(__unix__) || defined(unix)) && !defined(USG) +#include <sys/param.h> +#endif + #include "sys.h" static int saved_tio_valid = 0;
