Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site watmath.UUCP Path: utzoo!watmath!arwhite From: arwhite@watmath.UUCP (Alex White) Newsgroups: net.bugs.4bsd Subject: Urgent fix to open for 4.2bsd Message-ID: <6820@watmath.UUCP> Date: Wed, 8-Feb-84 14:43:29 EST Article-I.D.: watmath.6820 Posted: Wed Feb 8 14:43:29 1984 Date-Received: Fri, 10-Feb-84 02:01:22 EST Organization: U of Waterloo, Ontario Lines: 33 Subject: FTRUNC bypasses permissions! Index: /sys/ufs_syscalls.c 4.2BSD Description: copen doesn't check permissions if FTRUNC is specified but FWRITE isn't. This means you can truncate files you don't have perms on, and truncate to zero length DIRECTORIES!!!! Repeat-By: #includemain() { open("xyz", O_TRUNC|O_RDONLY); /* xyz with no write perms */ open(".", O_TRUNC|O_RDONLY); /* Directory is truncated! */ } Fix: in copen, change if((mode&FCREAT) == 0) { if (mode&FREAD) ... if (mode&FWRITE) { ... } } change the if (mode&FWRITE) { to if (mode&(FWRITE|FTRUNC)) { this will mean the check for write perms will be done for truncate, and also the check for being a directory. *If anybody takes advantage of this on any system on campus before I get *around to changing them all and after I post this note you will find your *account gone very quickly!