From owner-cvs-all Fri Sep 29 22:21:51 2000 Delivered-To: cvs-all@freebsd.org Received: from gw.nectar.com (gw.nectar.com [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 52F1437B502; Fri, 29 Sep 2000 22:21:47 -0700 (PDT) Received: from hamlet.nectar.com (hamlet.nectar.com [10.0.1.102]) by gw.nectar.com (Postfix) with ESMTP id 52F8E1925D; Sat, 30 Sep 2000 00:21:46 -0500 (CDT) Received: (from nectar@localhost) by hamlet.nectar.com (8.9.3/8.9.3) id AAA69565; Sat, 30 Sep 2000 00:21:46 -0500 (CDT) (envelope-from nectar@spawn.nectar.com) Date: Sat, 30 Sep 2000 00:21:46 -0500 From: "Jacques A. Vidrine" To: Warner Losh Cc: Don Lewis , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libc/net hesiod.c Message-ID: <20000930002146.A69517@hamlet.nectar.com> Mail-Followup-To: "Jacques A. Vidrine" , Warner Losh , Don Lewis , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org References: <200009300318.UAA19183@salsa.gv.tsc.tdk.com> <200009291256.FAA32249@freefall.freebsd.org> <200009300318.UAA19183@salsa.gv.tsc.tdk.com> <200009300507.e8U57YG24889@billy-club.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200009300507.e8U57YG24889@billy-club.village.org>; from imp@village.org on Fri, Sep 29, 2000 at 11:07:33PM -0600 X-Url: http://www.nectar.com/ Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, Sep 29, 2000 at 11:07:33PM -0600, Warner Losh wrote: > In message <200009300318.UAA19183@salsa.gv.tsc.tdk.com> Don Lewis writes: > : Would a better test be to check issetugid()? The process may have > : already dropped privileges ... > > I concur. One should use issetugid() rather than checking directly > against the uid/gid because we may have dropped privs already. [snip] I took the same approach as the run-time linker does for dealing with LD_LIBRARY_PATH et. al. If you believe this is unsafe, then perhaps it should be fixed as well. I also sent the patch to our security officer to review -- his (preliminary?) judgement was the the fix was the right one. > Jacques, please apply the following to the file. I'll commit it > tomorrow morning if it hasn't been changed by then. I almost commited > this just now and in the process managed to leave a lock file behind. > cvs@ has been notified. I'll let you or the security officer handle. Certainly issetugid seems like the right thing to do from the man page now that I've read it. However my goal was to use this environmental information under the same circumstances that the linker uses LD_LIBRARY_PATH. This may have been a flawed goal if there is some special reason that the check is sufficient for the run-time linker, but not other cases. Cheers, -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message