authorrwatson <rwatson@FreeBSD.org>2001-04-11 20:20:40 +0000
committerrwatson <rwatson@FreeBSD.org>2001-04-11 20:20:40 +0000
commitaf3eb0f5a23886d054afe80270022e3fb049da7d (patch)
tree4bc9fe4aa4d840673b2102f303706bc20cf15230 /sys/kern
parentc9a0bb442c87ee0a7cf937ed1c3e06d16b64c00c (diff)
o Introduce a new system call, __setsugid(), which allows a process to
toggle the P_SUGID bit explicitly, rather than relying on it being set implicitly by other protection and credential logic. This feature is introduced to support inter-process authorization regression testing by simplifying userland credential management allowing the easy isolation and reproduction of authorization events with specific security contexts. This feature is enabled only by "options REGRESSION" and is not intended to be used by applications. While the feature is not known to introduce security vulnerabilities, it does allow processes to enter previously inaccessible parts of the credential state machine, and is therefore disabled by default. It may not constitute a risk, and therefore in the future pending further analysis (and appropriate need) may become a published interface. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/kern_prot.c23
-rw-r--r--sys/kern/syscalls.master1
2 files changed, 24 insertions, 0 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 8ced323..003ff3b 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -44,6 +44,7 @@
*/
#include "opt_compat.h"
+#include "opt_global.h"
#include <sys/param.h>
#include <sys/acct.h>
@@ -911,6 +912,28 @@ issetugid(p, uap)
return (0);
}
+int
+__setugid(p, uap)
+ struct proc *p;
+ struct __setugid_args *uap;
+{
+
+#ifdef REGRESSION
+ switch (uap->flag) {
+ case 0:
+ p->p_flag &= ~P_SUGID;
+ return (0);
+ case 1:
+ p->p_flag |= P_SUGID;
+ return (0);
+ default:
+ return (EINVAL);
+ }
+#else /* !REGRESSION */
+ return (ENOSYS);
+#endif /* !REGRESSION */
+}
+
/*
* Check if gid is a member of the group set.
*/
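Review bot: The `case 0` branch of `__setugid()` clears `P_SUGID` for any caller, with no credential check visible in the hunk, so on a kernel built with `options REGRESSION` whatever protections key off that flag can be switched off by the very process they are meant to constrain. The only barrier is the `#ifdef REGRESSION`, because the `syscalls.master` hunk registers slot 374 as `STD` unconditionally, and nothing in the function itself says so. I would add a block comment above `__setugid(p, uap)` such as `/* Regression-test hook: lets a process set or clear P_SUGID on itself. Compiled in only with "options REGRESSION"; never enable on production kernels. */`. The commit message calls the syscall `__setsugid()` while the code and the table use `__setugid`, which is worth reconciling so the name can be searched for. Whether `p_flag` needs a lock around the update cannot be judged from the hunk.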
diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index aec2ea6..ad24185 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -541,3 +541,4 @@
int iovcnt); }
373 STD BSD { int extattr_delete_fd(int fd, int attrnamespace, \
const char *attrname); }
+374 STD BSD { int __setugid(int flag); }