Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 30 Sep 2000 00:21:46 -0500
From:      "Jacques A. Vidrine" <n@nectar.com>
To:        Warner Losh <imp@village.org>
Cc:        Don Lewis <Don.Lewis@tsc.tdk.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libc/net hesiod.c
Message-ID:  <20000930002146.A69517@hamlet.nectar.com>
In-Reply-To: <200009300507.e8U57YG24889@billy-club.village.org>; from imp@village.org on Fri, Sep 29, 2000 at 11:07:33PM -0600
References:  <200009300318.UAA19183@salsa.gv.tsc.tdk.com> <200009291256.FAA32249@freefall.freebsd.org> <200009300318.UAA19183@salsa.gv.tsc.tdk.com> <200009300507.e8U57YG24889@billy-club.village.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 29, 2000 at 11:07:33PM -0600, Warner Losh wrote:
> In message <200009300318.UAA19183@salsa.gv.tsc.tdk.com> Don Lewis writes:
> : Would a better test be to check issetugid()?  The process may have
> : already dropped privileges ...
> 
> I concur.  One should use issetugid() rather than checking directly
> against the uid/gid because we may have dropped privs already.  
[snip]

I took the same approach as the run-time linker does for dealing with
LD_LIBRARY_PATH et. al.  If you believe this is unsafe, then perhaps it
should be fixed as well.

I also sent the patch to our security officer to review -- his
(preliminary?) judgement was the the fix was the right one.

> Jacques, please apply the following to the file.  I'll commit it
> tomorrow morning if it hasn't been changed by then.  I almost commited
> this just now and in the process managed to leave a lock file behind.
> cvs@ has been notified.

I'll let you or the security officer handle.  Certainly issetugid seems
like the right thing to do from the man page now that I've read it.
However my goal was to use this environmental information under the same
circumstances that the linker uses LD_LIBRARY_PATH.  This may have been
a flawed goal if there is some special reason that the check is
sufficient for the run-time linker, but not other cases.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000930002146.A69517>