List:       kde-bugs-dist
Subject:    Bug#34633: [ak03@gte.com: Re: PR ports/31629 (People with access to non-FreeBSD Unix needed to help)
From:       Alan Eldridge <alane () geeksrus ! net>
Date:       2001-11-30 17:12:35

OK, AIX (again) and HP/UX 10 both take 0xffff as a chmod arg. So, they go on
the candidate list for "security hole" for this KDE bug.

Ignoring the fact that this *is* a KDE bug, there seems to be a trend here.
So far, the score is about 10 to 2 (or 10 to 1, if Mac OS X is counted same
as FreeBSD) in favor of taking this value as a valid chmod arg.

Time to get out the Single Unix Spec and see what it says. Anybody get a
POSIX spec they can check?

It may turn out that FBSD is wrong in failing the call, just as much as the
KDE code is wrong in doing fscked-up type conversions in the call.

----- Forwarded message from "Alexander N. Kabaev" <ak03@gte.com> -----

Alan, here are results of the test you posted on AIX and HP/UX 10.10

AIX:
$ uname -a
AIX aixhost 3 4 000311744C00
$ xlc -o foo foo.c
$  chmod 664 foo.c
$ ls -l foo.c
-rw-rw-r--   1 ak03     tonics       496 Nov 30 09:45 foo.c
$ ./foo foo.c ffff
chmod ok
$ ls -l foo.c
-rwsrwsrwx   1 ak03     tonics       496 Nov 30 09:45 foo.c


HP-UX:
# uname -a
HP-UX hphost B.10.20 A 9000/820 2001944109 two-user license
# chmod 664 foo.c 
# ls -l foo.c
-rw-rw-r--   1 ak03       tonics         516 Nov 30 09:50 foo.c
# ./foo foo.c ffff
chmod ok
# ls -l foo.c 
-rwsrwsrwt   1 ak03       tonics         516 Nov 30 09:50 foo.c
# 

----- End forwarded message -----

-- 
Alan Eldridge
#include <cstdlib>
free(sklyarov);
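
Added example, not part of the original message and not the foo.c test program or the KDE code: a caller-side check that rejects a mode value such as 0xffff before it reaches chmod(), so the outcome does not depend on whether a given kernel fails or accepts the call. The names stray_mode_bits, mode_string and checked_chmod are hypothetical; the low twelve bits of 0xffff are 07777, which renders as the rwsrwsrwt shown in the HP-UX listing above.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Permission bits: setuid, setgid, sticky, and rwx for user/group/other. */
#define PERM_MASK 07777UL

/* Return the bits of a requested value that are not permission bits.
 * Takes unsigned long so a bad conversion upstream is still visible here
 * instead of being truncated to mode_t first. */
unsigned long stray_mode_bits(unsigned long requested)
{
    return requested & ~PERM_MASK;
}

/* Render permission bits the way ls -l does (9 characters plus NUL). */
void mode_string(unsigned long m, char out[10])
{
    static const char rwx[] = "rwxrwxrwx";
    int i;
    for (i = 0; i < 9; i++)
        out[i] = (m & (0400UL >> i)) ? rwx[i] : '-';
    if (m & 04000) out[2] = (m & 0100) ? 's' : 'S';
    if (m & 02000) out[5] = (m & 0010) ? 's' : 'S';
    if (m & 01000) out[8] = (m & 0001) ? 't' : 'T';
    out[9] = '\0';
}

/* Hypothetical wrapper: refuse out-of-range values on every platform
 * rather than relying on the kernel to reject them. */
int checked_chmod(const char *path, unsigned long requested)
{
    if (stray_mode_bits(requested) != 0) {
        errno = EINVAL;
        return -1;
    }
    return chmod(path, (mode_t)requested);
}

int main(void)
{
    char s[10];
    mode_string(0xffff & PERM_MASK, s);   /* low 12 bits of 0xffff */
    printf("0xffff: stray bits 0%lo, low 12 bits render as %s\n",
           stray_mode_bits(0xffff), s);
    if (checked_chmod("foo.c", 0xffff) == -1)  /* rejected before chmod() */
        perror("checked_chmod");
    return 0;
}
```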
