Unexpected behavior in the file access control, resulted from the mixture of specifications about the supplementary group list
Issue
- Following two unexpected behaviors occur if certain conditions are met:
1) Fail to open a file though the third group of the permission bits of the file are set (it is expected that the file is accessible).
2) Succeed to open a file though the third group of the permission bits of the file are not set (it is expected that the file is not accessible).
The conditions are as follows:
1. Start a process with "root" euid and an egid which is the same as the group ID of the file.
2. setgid() to a group which is different from the group ID of the file.
3. setuid() to a user which is different from the owner ID of the file.
Sample Program:
# cat /tmp/sample.c
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
int main(int argc, char *argv[])
{
setgid(1);
setuid(1);
int fd = open(argv[1], O_RDONLY);
if (fd < 0)
perror("open");
return 0;
}
# cd /tmp
# make sample
cc sample.c -o sample
# id
uid=0(root) gid=0(root) groups=0(root),10(wheel)
Execution Sample:
* In order to confirm 1), execute the above program by the following file:
# ls -la /tmp/file
-rwx---rwx 1 root root 0 Mar 5 11:07 file
^^^
# ./sample /tmp/file
open: Permission denied (You cannot open the file)
* In order to confirm 2), execute the above program by the following file:
# ls -l /tmp/file
-rwxrwx--- 1 root root 0 Mar 28 17:35 /tmp/file
^^^
# ./sample /tmp/file
# (You can open the file)
Environment
- Red Hat Enterprise Linux
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
