*** empty log message ***

svn path=/trunk/boinc/; revision=10561
2006-07-03 22:04:12 +00:00 · 2006-07-03 22:04:12 +00:00 · 455d21a477
parent aa2b9598b9
commit 455d21a477
4 changed files with 19 additions and 7 deletions
--- a/12
+++ b/12
@ -7185,3 +7185,15 @@ David  2 July 2006

    html/user/
        am_set_info.php
+
+Charlie 3 July 2006
+    - Mac: Mac sandbox: don't set S_ISUID bit for setprojectgrp helper 
+        application.
+        
+    client/
+        check_security.C
+     clientgui/
+        mac/
+            SetupSecurity.cpp
+    doc/
+        sandbox.php
--- a/client/check_security.C
+++ b/client/check_security.C
@ -355,7 +355,7 @@ char *bundlePath, char *dataPath
    if (sbuf.st_uid != boinc_master_uid)
        return -1043;

-    if ((sbuf.st_mode & 07777) != 06500)
+    if ((sbuf.st_mode & 07777) != 02500)
        return -1044;

    return 0;
--- a/clientgui/mac/SetupSecurity.cpp
+++ b/clientgui/mac/SetupSecurity.cpp
@ -456,10 +456,10 @@ int SetBOINCDataOwnersGroupsAndPermissions() {
            return err;

        // Set permissions of setprojectgrp application
-        // chmod u=rsx,g=rsx,o= "/Library/Applications/BOINC Data/switcher/setprojectgrp"
-        // 06550 = S_ISUID | S_ISGID | S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP
-        //  setuid-on-execution, setgid-on-execution plus read and execute permission for user only
-        err = DoPrivilegedExec(chmodPath, "u=rsx,g=s,o=", fullpath, NULL, NULL, NULL);
+        // chmod u=rx,g=rsx,o= "/Library/Applications/BOINC Data/switcher/setprojectgrp"
+        // 02500 = S_ISGID | S_IRUSR | S_IXUSR
+        //  setgid-on-execution plus read and execute permission for user only
+        err = DoPrivilegedExec(chmodPath, "u=rx,g=s,o=", fullpath, NULL, NULL, NULL);
        if (err)
            return err;
    }       // setprojectgrp application
--- a/doc/sandbox.php
+++ b/doc/sandbox.php
@ -26,7 +26,7 @@ function prot($user, $group, $perm) {
 }

 $pp0775 = prot('boinc_project', 'boinc_project', '0775');
-$mp6500 = prot('boinc_master', 'boinc_project', '0500+setuid+setgid');
+$mp2500 = prot('boinc_master', 'boinc_project', '0500+setgid');
 $pp6551 = prot('boinc_project', 'boinc_project', '0551+setuid+setgid');
 $mm0550 = prot('boinc_master', 'boinc_master', '0550');
 $mm0770 = prot('boinc_master', 'boinc_master', '0770');
@ -110,7 +110,7 @@ echo
        )),
        show_dir(1, 'switcher (directory)', $mm0550, array(
            show_file('switcher (executable)', $pp6551),
-            show_file('setprojectgrp (executable)', $mp6500)
+            show_file('setprojectgrp (executable)', $mp2500)
        )),
        show_dir(1, 'locale', $mm0550, array(
            show_dir(2, 'de', $mm0550, array(