Date: Fri, 28 Apr 1995 19:39:43 +0400
From: "Andrey A. Chernov, Black Mage" <ache@astral.msk.su>
To: sa2c@st.rim.or.jp, security@FreeBSD.org
Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc
Message-ID: <FK_mGel8m3@astral.msk.su>
In-Reply-To: <199504280436.NAA00812@us.and.or.jp>; from NIIMI Satoshi at Fri, 28 Apr 1995 13:36:14 +0900
References: <199504280436.NAA00812@us.and.or.jp>

In message <199504280436.NAA00812@us.and.or.jp> NIIMI Satoshi writes:

>I've noticed with -current that when euid is not equal to ruid,
>setuid(euid) fails but setreuid(euid, euid) succeeds.
>But once setreuid(euid, -1) or setreuid(euid, euid), setuid(euid)
>succeeds.

>Please unify the rule for setre[ug]id() and set[ug]id():
>a) It is possible to change ruid if target is same as saved uid.
>or
>b) Only the superuser can change ruid.

>IMHO: There is no need to give users the pass to change real user id.
>The main aim of setre[ug]id() in 4.3BSD was to change e[ug]id. This
>can be done by only sete[ug]id() in 4.4BSD.

When we follow BSD 4.4 rule, we need to remove setre*() completely,
because they cause very big confusion for all pgms which expect
4.2 way. Recently I called the core team about removing them, but people
prefer to implement them correctly (4.2 way) instead of removing.
So, I do it. Now it is impossible to unify rule: it divides
into POSIX and non-POSIX behaviour.

--
Andrey A. Chernov : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su : That any beholder /Might fancy me dead -
FidoNet: 2:5020/230.3 : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
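
Because the thread shows setuid() and setreuid() following different rules from one system to the next, a set-user-ID program that gives up its privilege should check the outcome instead of trusting the return code. The following C sketch is an added example, not part of the message or of FreeBSD's libc; the function name drop_to_real_uid is hypothetical, and it assumes a system that provides setreuid() and seteuid().

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE        /* expose setreuid()/seteuid() on glibc */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently give up set-user-ID privilege and verify the result rather
 * than trusting return codes, because the set*uid() rules differ between
 * systems. Returns 0 when the real and effective uid both equal the
 * original real uid and the old effective uid cannot be restored.
 * Group ids need the same treatment, before the uid change.
 * (Hypothetical helper written for this example.)
 */
int drop_to_real_uid(void)
{
    uid_t target = getuid();      /* the invoking user */
    uid_t old_euid = geteuid();   /* the set-user-ID owner, if any */

    if (setreuid(target, target) != 0)
        return -1;
    if (getuid() != target || geteuid() != target)
        return -1;

    /* A surviving saved uid would let seteuid() bring the privilege back.
     * Skipped when nothing was held, or for root, who may set any uid. */
    if (old_euid != target && target != 0) {
        if (seteuid(old_euid) == 0 || setreuid((uid_t)-1, old_euid) == 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    int rc = drop_to_real_uid();
    printf("ruid=%ld euid=%ld drop=%s\n", (long)getuid(), (long)geteuid(),
           rc == 0 ? "ok" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

Run from an ordinary account the check passes trivially; the restore test only does real work when the binary is installed set-user-ID to a different, non-root owner.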