Date: Thu, 20 Apr 1995 21:20:35 +0400 From: "Andrey A. Chernov, Black Mage" <ache@astral.msk.su> To: arch@FreeBSD.org, core@FreeBSD.org, security@FreeBSD.org Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc Message-ID: <tPZVfbladA@astral.msk.su> In-Reply-To: <OH5bMbl8U5@astral.msk.su>; from "Andrey A. Chernov" at Wed, 19 Apr 1995 23:49:25 %2B0400 References: <OH5bMbl8U5@astral.msk.su>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <OH5bMbl8U5@astral.msk.su> Andrey A. Chernov writes: >I vote for removing this fuctions completely from library >sources, it is only one safe variant, if we can't implement >them in 100%. More info: osetreuid/osetregid syscalls check arguments in the same way that lib function does, and they are only a little bit safe, because testing of s[rg]id independs of place calling. They both can't be implemented, they are violation of POSIX, so I prefer to remove them to not make security hole. If none object, I'll commit the change. -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - FidoNet: 2:5020/230.3 : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?tPZVfbladA>