Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!clyde.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!apple!usc!wuarchive!uunet!zephyr.ens.tek.com!uw-beaver!ubc-cs!sol.UVic.CA!cue.bc.ca!jnemeth
From: jnemeth@cue.bc.ca (John Nemeth)
Newsgroups: comp.os.minix
Subject: Re: FS bug?
Message-ID: <1990Dec25.104814.17490@sol.UVic.CA>
Date: 25 Dec 90 10:48:14 GMT
References: <1990Dec21.003030.4379@cocktrice.uucp>
Sender: news@sol.UVic.CA
Organization: Computer Using Educators of B.C., Canada
Lines: 62
Nntp-Posting-Host: cue.bc.ca

In article <1990Dec21.003030.4379@cocktrice.uucp> mdm@cocktrice.uucp (Mike Mitchell) writes:
>I have been attempting to install uupc; I desired to have all executables
>in /bin and /usr/bin protected in such a manner that only the execute bit
>is on. I changed the mode of all files to reflect the fact that group and
>world read/write bits had been removed.
>
>login cannot exec /bin/sh when it has been changed to 511; this makes it
>impossible for a user account to be created and used. When I changed the
>protections of /bin/sh to 555, login was able to exec the shell and allow
>the user to login. When the login had succeeded in execing a copy of /bin/sh
>the next problem to crop up was 'ls: cannot execute'. By changing the
>mode of ls from 511 to 555, it began to work.

This is an oldie but goodie. Fire up ye olde time machine and we find the
solution on March 14, 1988.

John Nemeth
jnemeth@cue.bc.ca

From: Marty
Newsgroups: comp.os.minix
Subject: path to allow X bit to be sufficient to exec
Date: 14 Mar 88 21:37:04 GMT
Sender: uw-beaver!UDEL.EDU!mmdf
Source-Info: From (or Sender) name not authenticated.
To: info-minix@UDEL.EDU

I inserted the following patch into fs/open.c/do_open() to allow the
memory manager to read files with only the X bit set.

#ifdef ORIGINAL
	if ((r = forbidden(rip, bits, 0)) != OK) {
		put_inode(rip);	/* can't open: protection violation */
		return(r);
	}
#else
	/* patch to allow X bit to be sufficient to execute file -- MM does it's
	 * own protection checks */
	if(who != MM_PROC_NR && ((r = forbidden(rip, bits, 0)) != OK)) {
		/* allow MM to open up anything he wants */
		put_inode(rip);	/* can't open: protection violation */
		return(r);
	}
#endif

Since the memory manager goes through mm/utility/allowed to check file
permissions, I'm suspending access checks in fs on mm open calls. Kinda
kludgey, but seems to do what I want without any bad side effects.

Anyone have any better ideas? I suppose a cleaner way may be to define
a special open bit which becomes something like EXEC_ONLY. It looks to be
reasonable to perhaps push off the access level checking in
mm/utility/access to the file system.

marty
ARPA: leisner.henr@xerox.com
GV: leisner.henr
NS: martin leisner:henr801c:xerox
UUCP: nsc!nscimg!amps!marty
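
Review bot: the `who != MM_PROC_NR` test in the #else branch skips forbidden() for every open that MM issues, not only for opens made on behalf of exec, so on that path the file system enforces nothing and the result is only as safe as MM's own check in mm/utility/allowed. That dependency is not stated at the check itself; the comment "allow MM to open up anything he wants" should at least name the MM routine that is relied on and say that it must run before each such open. A narrower form would keep the call to forbidden() for MM but have it test the execute permission instead of the requested read permission, or use the EXEC_ONLY open bit proposed in the message, so the exemption is tied to the exec case rather than to the identity of the caller.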