Message-ID: <453F3000.3000808@cty-net.ne.jp>
From: Kouji Ito <kouji@cty-net.ne.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
References: <20061025141425.2A41.1YEN@sh.rim.or.jp> <453F0C09.1060507@cty-net.ne.jp> <20061025164521.2A47.1YEN@sh.rim.or.jp>
In-Reply-To: <20061025164521.2A47.1YEN@sh.rim.or.jp>
Date: Wed, 25 Oct 2006 18:36:00 +0900
X-Sequence: FreeBSD-users-jp 90117
Subject: [FreeBSD-users-jp 90117] Re: How to make it dump core?

$B0KF#$G$9!#(B

> 
> 2. Does a program that calls setuid dump core?
>     ==> kernel: pid 69141 (a.out), uid 1001: exited on signal 11
>    It did not dump core.
>    It would be good if the OS could be configured so that it dumps core here...
> 

$B$4$a$s$J$5$$!"(B
kern.sugid_coredump: 1
$B$G!"(Bsetuid()$B$7$?%W%m%0%i%`$b!"(Bcore$B%U%!%$%k:n$k$h$&$K$J$j$^$9$M!#(B
$B$?$@$7!"(Bsetuid()$B$7$?%W%m%0%i%`$,!"<+J,$N%[!<%`%G%#%l%/%H%j$K(B
chdir()$B$7$F$J$$$H!"%@%a$_$?$$$G$9!#(B

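#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>   /* memset() */
#include <unistd.h>   /* setuid(), chdir() */
#include <signal.h>

/* Optional SIGSEGV handler; if installed, the process exits instead of dumping core. */
void handle(int nsig)
{
   printf("signal %d\n", nsig);
   exit(0);
}

int main(void)
{
  char *p = NULL;   /* invalid pointer: the memset() below is meant to raise SIGSEGV */
  int nret;

  /* signal(SIGSEGV, handle); */  /* uncomment to catch the signal instead */
  nret = setuid(10001);           /* change credentials (requires privilege) */
  printf("setuid() nret = %d\n", nret);
  nret = chdir("/tmp/guest");     /* chdir() before the crash */
  printf("chdir() nret = %d\n", nret);
  memset(p, 0x00, 100);           /* deliberate crash (signal 11) */
  return 0;
}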
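
Added example, not part of the original message: a preflight check that a test program like the one above could call after setuid() and chdir() to report which condition would stop a core file from being written. The names core_blockers, core_preflight and the BLOCK_* flags are hypothetical; the cwd check assumes the core file name pattern is relative to the current directory, and builds on systems other than FreeBSD skip the sysctl lookup.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/resource.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif

enum {
    BLOCK_SUGID  = 1, /* kern.sugid_coredump is 0 and credentials were changed */
    BLOCK_RLIMIT = 2, /* RLIMIT_CORE soft limit is 0 */
    BLOCK_CWD    = 4  /* current directory is not writable by this uid */
};

/* Pure decision logic; sugid_coredump < 0 means "could not be read". */
int core_blockers(int changed_creds, int sugid_coredump,
                  unsigned long long core_limit, int cwd_writable)
{
    int why = 0;
    if (changed_creds && sugid_coredump == 0) why |= BLOCK_SUGID;
    if (core_limit == 0)                      why |= BLOCK_RLIMIT;
    if (!cwd_writable)                        why |= BLOCK_CWD;
    return why;
}

/* Gather live values; call after setuid() and chdir(), when real uid == effective uid. */
int core_preflight(int changed_creds)
{
    struct rlimit rl;
    int sugid = -1;
#ifdef __FreeBSD__
    size_t len = sizeof(sugid);
    if (sysctlbyname("kern.sugid_coredump", &sugid, &len, NULL, 0) != 0)
        sugid = -1;
#endif
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        rl.rlim_cur = 0;
    return core_blockers(changed_creds, sugid,
                         (unsigned long long)rl.rlim_cur,
                         access(".", W_OK) == 0);
}

int main(void)
{
    int why = core_preflight(1);
    printf("core blockers: sugid=%d rlimit=%d cwd=%d\n",
           !!(why & BLOCK_SUGID), !!(why & BLOCK_RLIMIT), !!(why & BLOCK_CWD));
    return why;
}
```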
