From 4a9066d6b9a589536561516b00886ded0f145971 Mon Sep 17 00:00:00 2001
From: Charlie Fenton <charlief@example.com>
Date: Tue, 2 Oct 2007 09:32:20 +0000
Subject: [PATCH] Sandbox: Fix a security hole so that switcher sets real user
 ID, saved set_user-ID, real group ID and saved set_group-ID

svn path=/trunk/boinc/; revision=13735
---
 checkin_notes              | 2 ++
 mac_build/Mac_SA_Secure.sh | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/checkin_notes b/checkin_notes
index 04087bc864..7fdb25c1b8 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -8997,3 +8997,5 @@ Charlie 1 Oct 2007
     clientgui/
         mac/
             SetupSecurity.cpp
+    mac_build/
+        Mac_SA_Secure.sh
diff --git a/mac_build/Mac_SA_Secure.sh b/mac_build/Mac_SA_Secure.sh
index fc6e69cb8c..60fc7a5e86 100755
--- a/mac_build/Mac_SA_Secure.sh
+++ b/mac_build/Mac_SA_Secure.sh
@@ -64,7 +64,8 @@
 # sudo dscl . -delete /groups/boinc_master users mary
 # 
 
-# Last updated 9/19/07
+# Last updated 10/2/07 for BOINC version 5.10.21
+# WARNING: do not use this script with older versions of BOINC
 
 function make_boinc_user() {
     # Check whether group already exists
@@ -203,7 +204,7 @@ if [ -f switcher/AppStats ] ; then
 set_perm switcher/AppStats root boinc_master 4550
 fi
 
-set_perm switcher/switcher boinc_project boinc_project 6551
+set_perm switcher/switcher root boinc_master 04050
 set_perm switcher/setprojectgrp boinc_master boinc_project 2500
 set_perm switcher boinc_master boinc_master 0550