[7678] in Athena Bugs
setuid programs in unreadable directories crash
daemon@ATHENA.MIT.EDU (John Carr)
Sat Jun 22 17:11:51 1991
To: bugs@ATHENA.MIT.EDU, bug-afs@ATHENA.MIT.EDU
Date: Sat, 22 Jun 91 17:08:27 EDT
From: John Carr <jfc@ATHENA.MIT.EDU>
In the x11r5 locker, /mit/x11/vaxbin/xterm is not readable by system:anyuser
(because X11 R5 is not yet public). It is also setuid root. This causes
the program to crash. It must be the combination of these factors, because
the program runs when setuid in a root-readable UFS or NFS directory and the
problem goes away if I "fs setcell athena.mit.edu -nosuid" (only before I
first run xterm; after I run xterm the text is corrupt and it crashes
whether or not the program is setuid).
Hypothesis:
1. File I/O to read the program into memory is done with the
new effective uid of the process.
2. The failed I/O is not detected, producing a corrupt text image.
#2 is the more important. It is better for the kernel to send a SIGKILL
than to run the process with random data.
