Path: utzoo!attcan!telly!lethe!torsqnt!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!ginosko!uunet!mcsun!hp4nl!nikhefh!n62
From: n62@nikhefh.nikhef.nl (Klamer Schutte)
Newsgroups: comp.os.minix
Subject: Bug in fs/open.c
Keywords: only in enhanced(fifo) fs
Message-ID: <260@nikhefh.nikhef.nl>
Date: 22 Sep 89 11:22:06 GMT
Reply-To: Schutte@nikhefh.nikhef.nl (Klamer Schutte)
Organization: Nikhef-H, Amsterdam (the Netherlands).
Lines: 33

In the fixes to FS as posted by Simon Poole which made fcntl & fifo's
possible there is a bug. The result is that anybody can mknod if he
wants to -- a security hole.

The file with the bug is fs/open.c.

Here is the fix. Patch (can be done by hand), compile, build & reboot.

Note: only tested on an ST. I am not running out of the box minix.

Klamer. (.signature at end)
-----------------------------------------------------------------------
*** open.c~ Thu Mar 16 08:20:08 1989 --- open.c Thu Sep 21 17:04:50 1989 *************** *** 48,54 **** struct inode *new_node(); /* only super_user may make nodes other than fifo's */ ! if (!super_user && (mode & I_TYPE != I_NAMED_PIPE)) return(EPERM); if (fetch_name(name1, name1_length, M1) != OK) return(err_code); bits = (mode & I_TYPE) | (mode & ALL_MODES & fp->fp_umask); put_inode(new_node(user_path, bits, (zone_nr) addr)); --- 48,54 ---- struct inode *new_node(); /* only super_user may make nodes other than fifo's */ ! if (!super_user && ((mode & I_TYPE) != I_NAMED_PIPE)) return(EPERM); if (fetch_name(name1, name1_length, M1) != OK) return(err_code); bits = (mode & I_TYPE) | (mode & ALL_MODES & fp->fp_umask); put_inode(new_node(user_path, bits, (zone_nr) addr));
--
____________________Yes, mail address changed again :-(_________________________
Klamer Schutte mcvax!nikhefh!{n62,Schutte} {Schutte,n62}@nikhef.nl
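
Review bot: In the changed "if" of the mknod permission check, the file-type expression (mode & I_TYPE) is now spelled out twice within three lines, once in the super_user test and once in the unchanged "bits = (mode & I_TYPE) | ..." assignment; computing it once into a local and comparing that local against I_NAMED_PIPE would keep the permission test and the type actually passed to new_node() tied to the same value, and would remove the precedence trap for the next person who edits the condition. The added parentheses are the right fix: in C "!=" binds tighter than "&", so the old line compared the two constants first and ANDed the resulting 0 or 1 with mode, which means the EPERM branch depended only on the low bit of mode and not on the node type. The comment above the check should say that, and the rest of the posted FS changes deserve a pass for any other unparenthesized "&" next to "==" or "!=". Since the patch is reported as tested on one platform only, a quick check as a non-super-user that mknod returns EPERM for a non-fifo type and still succeeds for a fifo would confirm both sides of the condition.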