Sandbox: Fix a security hole so that switcher sets real user ID, saved set_user-ID, real group ID and saved set_group-ID

svn path=/trunk/boinc/; revision=13735
2007-10-02 09:32:20 +00:00 · 2007-10-02 09:32:20 +00:00 · 4a9066d6b9
parent bb41946dd8
commit 4a9066d6b9
2 changed files with 5 additions and 2 deletions
--- a/2
+++ b/2
@ -8997,3 +8997,5 @@ Charlie 1 Oct 2007
    clientgui/
        mac/
            SetupSecurity.cpp
+    mac_build/
+        Mac_SA_Secure.sh
--- a/mac_build/Mac_SA_Secure.sh
+++ b/mac_build/Mac_SA_Secure.sh
@ -64,7 +64,8 @@
 # sudo dscl . -delete /groups/boinc_master users mary
 # 

-# Last updated 9/19/07
+# Last updated 10/2/07 for BOINC version 5.10.21
+# WARNING: do not use this script with older versions of BOINC

 function make_boinc_user() {
    # Check whether group already exists
@ -203,7 +204,7 @@ if [ -f switcher/AppStats ] ; then
 set_perm switcher/AppStats root boinc_master 4550
 fi

-set_perm switcher/switcher boinc_project boinc_project 6551
+set_perm switcher/switcher root boinc_master 04050
 set_perm switcher/setprojectgrp boinc_master boinc_project 2500
 set_perm switcher boinc_master boinc_master 0550