projects / unix-history / commit
? search:
summary | tags | clone url | shortlog | log | commit | commitdiff | tree
(parent: 2276f02) | patch
ENFORCE EXECUTE PERMISSIONS, MNT_NOEXEC
authorMark Tinguely <tinguely@plains.nodak.edu>
Sat, 15 Aug 1992 00:00:00 +0000 (00:00 +0000)
committerMark Tinguely <tinguely@plains.nodak.edu>
Sat, 15 Aug 1992 00:00:00 +0000 (00:00 +0000)
commitdc24d661cc4571cc7dc0f22ae1ec51941d11878e
tree3f1a6bfae7e7cdcda7f8876a74355a24526b79c1tree
parent2276f02ee1896e0e012ce0be54317b8c4a096c44commit | diff
ENFORCE EXECUTE PERMISSIONS, MNT_NOEXEC

>problem 3: I noticed that anyone could run shutdown. the permissions were
>
>-rwsr-x--- owner root group operator. I changed the permissions to
>-r-x------ and anyone can still run it. (you get the shutdown: NOT super-user)

This is a big security hole. In 0.0, a VOP_ACCESS was used, but root always
succeeds (and tries to execute anything).  But the check for a single execute
bit is wrong too.  I put the VOP_ACCESS back but also checked to make sure
at least one execute bit is on before root can execute the file.  I also
checked if the filesystem was mounted for execution:

AUTHOR: Mark Tinguely (tinguely@plains.nodak.edu)
386BSD-Patchkit: patch00024
usr/src/sys.386bsd/kern/kern_execve.c diff | blob | blame | history
Continuous source code history from original PDP-7 UNIX to FreeBSD 2, the first fully unencumbered FreeBSD release.