From: Warner Losh
To: Ruslan Ermilov
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/at panic.c privs.h
Date: Tue, 04 Sep 2001 11:48:46 -0600
Message-Id: <200109041748.f84Hmkh36422@harmony.village.org>

In message <20010904204423.D17754@sunbay.com> Ruslan Ermilov writes:
: On Tue, Sep 04, 2001 at 11:30:25AM -0600, Warner Losh wrote:
: > In message <20010904192252.G1669@sunbay.com> Ruslan Ermilov writes:
: > : On Tue, Sep 04, 2001 at 10:20:35AM -0600, Warner Losh wrote:
: > : > In message <200109041615.f84GFpx76144@freefall.freebsd.org> Ruslan Ermilov writes:
: > : > : The setre[ug]id() calls are still used in the REDUCE_PERM macro (with
: > : > : the r[ug]id arguments of -1) so that the call changes the saved user
: > : > : and group IDs of the process to that specified.
: > : >
: > : > Just a side note: We should not use setre* calls in the base sources.
: > : > They present problems for dropping privs since they obliterate the
: > : > saved uid.
: > : >
: > : Exactly what was needed in this case -- to set saved IDs to the specified
: > : values.
: >
: > setuid() does the same thing and is a less dangerous interface to use
: > is my point.
: >
: Not in FreeBSD's implementation. In our implementation, setuid() always sets
: real, effective, and saved IDs to the specified values (if permitted).
: Consider the case where the ``setuid root'' program run by the user ``joe''
: wants to "reduce" its privileges to ``setuid daemon'', still preserving the
: original real IDs, and allowing to switch between ``joe'' and ``daemon''.

No, in FreeBSD's implementation. setreuid should never be used. Use
seteuid() to do the switching. It will allow the library routines to drop
and add privs better than setreuid().

Warner
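
The credential changes argued over in this thread, as an added example that is not part of the original message or of the FreeBSD sources: a user-space C model (it makes no system calls) of the real/effective/saved uid rules assumed here for seteuid(), setreuid() and a root-called setuid(). The uid values and the m_* function names are constructed for illustration.

```c
#include <stdio.h>

/* Constructed sample uids; NOCHG is the -1 "leave unchanged" argument. */
enum { ROOT = 0, DAEMON = 1, JOE = 1001, NOCHG = -1 };

/* Real, effective and saved user ID of one modelled process. */
struct cred { int r, e, sv; };

/* A setuid-root program started by joe. */
struct cred start(void) { struct cred c = { JOE, ROOT, ROOT }; return c; }

/* seteuid(): changes only the effective ID; an unprivileged caller may
 * pick its real or saved ID. The saved ID is never touched. */
int m_seteuid(struct cred *c, int e) {
    if (c->e != ROOT && e != c->r && e != c->sv) return -1;
    c->e = e;
    return 0;
}

/* setuid() called with euid 0: real, effective and saved IDs all become u. */
int m_setuid_root(struct cred *c, int u) {
    if (c->e != ROOT) return -1;   /* unprivileged rules are not modelled */
    c->r = c->e = c->sv = u;
    return 0;
}

/* setreuid(): if a real ID is given, or the effective ID ends up different
 * from the real ID, the saved ID is overwritten with the effective ID. */
int m_setreuid(struct cred *c, int r, int e) {
    if (c->e != ROOT) {
        if (r != NOCHG && r != c->r && r != c->sv) return -1;
        if (e != NOCHG && e != c->e && e != c->r && e != c->sv) return -1;
    }
    if (e != NOCHG) c->e = e;
    if (r != NOCHG) c->r = r;
    if (r != NOCHG || c->e != c->r) c->sv = c->e;
    return 0;
}

int main(void) {
    struct cred a = start(), b = start();
    m_setreuid(&a, NOCHG, DAEMON);   /* real-ID argument of -1, as for REDUCE_PERM */
    m_seteuid(&b, DAEMON);           /* seteuid()-only switching */
    printf("setreuid: r=%d e=%d sv=%d\n", a.r, a.e, a.sv);
    printf("seteuid:  r=%d e=%d sv=%d\n", b.r, b.e, b.sv);
    printf("regain root: %d vs %d\n", m_seteuid(&a, ROOT), m_seteuid(&b, ROOT));
    return 0;
}
```

In the model, setreuid(-1, daemon) leaves the process able to switch between joe and daemon but no longer to root, seteuid(daemon) keeps the saved uid at 0, and a root-called setuid(daemon) discards joe.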