Bug#34633: Emiel Kollof's chmod tests...

Alan E alane at geeksrus.net
Fri Nov 30 02:19:03 UTC 2001


Wow, Emiel has done us a great service here! Community at work. :)

OK, so that's

	BSDI aka BSD/OS Intel
	Solaris 2.x Sparc
	Tru64 aka OSF1 Alpha (2 versions)
	Linux PPC
	Linux Intel 

that all accept the bad chmod arg, and hence will not produce the KDE warning 
box that we see on FreeBSD. This is beginning to look like a one-sided 
contest.

Now, none of this changes the fact that the KDE code is *wrong*. We can still 
see that because, of course, if the caller's -1 had made it through to the 
other end of the RPC, then the chmod() call would not have been made at all. 

It is pretty obvious that Konqueror doesn't want to save pictures that are 
set-UID, set-GID, set-sticky, and executable. In fact, this is a nasty 
security hole: you save a script or binary from the web (or ftp, or wherever) 
and you get set-uid, set-gid, and world executable! Umm, no, that will not do.

I'll test cygwin (latest) back at work tomorrow. I just spaced it this 
afternoon.

And of course, in the other corner, we have FreeBSD 4.4-RELEASE:

[alane ~]$ cat test-chmod.c
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>

int
main(int ac, char **av)
{
        if (ac == 3) {
                char *fn = av[1];
                char *md = av[2];
                int mode = 0xffff;
                sscanf(md, "%x", &mode);
                if (!chmod(fn, mode)) {
                        printf("chmod ok\n");
                } else {
                        printf("chmod barfed; error = %s\n", strerror(errno));
                }
        }
        return 0;
}

[alane ~]$ make test-chmod
cc -O -pipe   test-chmod.c  -o test-chmod
[alane ~]$ uname -a
FreeBSD wwweasel.geeksrus.net 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Sun Oct 28 
04:44:34 EST 2001     
root at wwweasel.geeksrus.net:/usr/src-4.4-RELEASE/sys/compile/WWWEASEL  i386
[alane ~]$ ls -l test-chmod.c
-rw-------  1 alane  alane  497 Nov 29 19:46 test-chmod.c
[alane ~]$ ./test-chmod test-chmod.c ffff
chmod barfed; error = Inappropriate file type or format
[alane ~]$ ls -l test-chmod.c
-rw-------  1 alane  alane  497 Nov 29 19:46 test-chmod.c
[alane ~]$


	
-- 
Alan Eldridge
#include <cstdlib>
free(sklyarov);



