From owner-freebsd-security Mon Apr 24 02:12:46 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6)
    id CAA28193 for security-outgoing; Mon, 24 Apr 1995 02:12:46 -0700
Received: from inet-gw-1.pa.dec.com (inet-gw-1.pa.dec.com [16.1.0.22])
    by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id CAA28186 for ;
    Mon, 24 Apr 1995 02:12:41 -0700
Received: from muffit.reo.dec.com by inet-gw-1.pa.dec.com (5.65/24Feb95)
    id AA00985; Mon, 24 Apr 95 02:07:54 -0700
Received: by muffit.reo.dec.com (5.65/helenc-6Apr93);
    id AA09374; Mon, 24 Apr 1995 10:11:17 +0100
From: erandall@muffit.reo.dec.com (Ed Randall)
Message-Id: <9504240911.AA09374@muffit.reo.dec.com>
Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc
To: wollman@halloran-eldar.lcs.mit.edu (Garrett Wollman)
Date: Mon, 24 Apr 95 10:11:16 WET DST
Cc: freebsd-security@FreeBSD.org
In-Reply-To: <9504211549.AA06954@halloran-eldar.lcs.mit.edu>; from "Garrett Wollman" at Apr 21, 95 11:49 am
X-Mailer: ELM [version 2.3 PL11]
Sender: security-owner@FreeBSD.org
Precedence: bulk

Hi Garrett,

Garrett Wollman writes:
>
> <
> > Wouldn't it be better to FIX these functions to match the POSIX standard, and
> > patch up the security holes ?
>
> The POSIX standard specifies set[ug]id() AND NOTHING ELSE.  Do you
> really want strict POSIX behavior?
>
> I didn't think so...

Sorry, I stand corrected; I'm not an expert on POSIX, and I don't even
own a copy of it. But I got the impression that we had a load of stuff
here that was about to be chopped without consideration for actually
fixing it first, with unknown repercussions ...

I'm all for standards compliance, it makes portability SO much easier.
And while I'm about it, hats off to HP for being the only major UNIX
that actually states in its manual pages, exactly what standard their
API conforms to; I wish everyone else would do it.

But no, I don't think that "legacy" functions that are outside of a
standard should be removed for that reason alone; If they are broken in
some way, they should be fixed; If they are broken so badly that for
example the mere _specification_ of them is a security hole, then yes,
there is a case for removing them, and fixing any applications that make
use of them, to do it the "proper" way.

The manual pages should state exactly what standards they conform to, if
any, and whether or not they are obsolete and may not be supported in
future releases.

What are your views on the subject ?

BTW, do you happen to know if there is a URL where I can get access to
the full POSIX spec ?

Regards,

Ed
----
----------------------------------------------------------------------
Ed Randall   Digital Equipment Co.Ltd., Worton Grange, Reading
DECnet   : RDGENG::RANDALL              Internal phone : 7-830-4712
Internet : erandall@muffit.reo.dec.com  Telephone: (01734) 204712
----------------------------------------------------------------------
Speaking for myself, not for Digital or anybody else.