Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!ut-sally!utah-cs!lepreau
From: lepreau@utah-cs.UUCP (Jay Lepreau)
Newsgroups: net.bugs.4bsd
Subject: Re: minor rdist bug
Message-ID: <3977@utah-cs.UUCP>
Date: Wed, 29-Oct-86 22:08:30 EST
Article-I.D.: utah-cs.3977
Posted: Wed Oct 29 22:08:30 1986
Date-Received: Thu, 30-Oct-86 18:21:24 EST
References: <2363@j.cc.purdue.edu>
Reply-To: lepreau@utah-cs.UUCP (Jay Lepreau)
Organization: University of Utah CS Dept
Lines: 13
Keywords: sticky bits, rdist

There is a minor security problem with the recommended fix to allow rdist to propagate sticky bits: normally only root is allowed to set the sticky bit. But with the proposed fix, if a user has a machine on which he has root privileges, and then rdist's (as himself) a file to a machine on which he does not have root privs, he can introduce binaries with the sticky bit set.

No big deal, but here's a better way to fix rdist/server.c:

1038c1038,1039 < (mode & 06000) && chmod(file, mode) < 0) { --- > (mode & (06000 | (userid ? 0 : S_ISVTX))) && > chmod(file, mode) < 0) {
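
Review bot: the new test at 1038 only decides whether chmod() is called; the mode handed to `chmod(file, mode)` at 1039 is not masked, so when userid is non-zero and mode carries both a set-id bit (06000) and S_ISVTX, the call still requests the sticky bit. If the intent is that only root may propagate it, clear the bit from mode for non-root before the test, for example `if (userid) mode &= ~S_ISVTX;`, rather than relying on the guard alone. A short comment saying that userid is zero for root and why S_ISVTX is conditional would help, and since the condition now mixes the octal literal 06000 with a symbolic constant, writing it as `S_ISUID | S_ISGID` would keep the expression consistent.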