[Avcheck] uchroot group problem
Piotr Klaban
makler+avcheck at man.torun.pl
Thu Mar 25 18:08:33 MSK 2004
Hi,
Diring the avcheck tests I have found that my clamd process runs with
the following priviledges (under Solaris):
# pcred 21803
21803: e/r/suid=112 e/r/sgid=111
groups: 1 0 2 3 4 5 6 7 8 9 12
and under linux:
# cat /proc/27610/status
[...]
Uid: 62 62 62 62
Gid: 61 61 61 61
FDSize: 32
Groups: 0 1 2 3 4 6 10 51
[...]
The process can read the following files:
-rw-r----- 1 root other 1118 mar 25 16:05 /var/spool/clamav/tst/14552.tmp
That file can be created with avcheck run from the command line as a root.
That should not happen.
In uchroot.c there should be the setgroups() call.
I enclose a two-line patch against a avcheck-0.9pre2 version.
Best regards,
--
Piotr Klaban
-------------- next part --------------
--- avcheck-0.9pre2/uchroot.c Fri Oct 26 23:14:51 2001
+++ avcheck-1.0/uchroot.c Thu Mar 25 15:47:19 2004
@@ -76,6 +76,8 @@ Usage: %s [-u user[:group]] [-d dir] new
if (pw) {
if (setgid(gr ? gr->gr_gid : pw->pw_gid) != 0)
err(1, "unable to set group");
+ if (setgroups(1, &pw->pw_gid) != 0)
+ err(1, "unable to set supplementary group");
if (setuid(pw->pw_uid) != 0)
err(1, "unable to set uid");
}
More information about the Avcheck
mailing list