Date: Tue, 4 Sep 2001 21:01:12 +0300
From: Ruslan Ermilov
To: Warner Losh
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/at panic.c privs.h
Message-ID: <20010904210112.F17754@sunbay.com>

On Tue, Sep 04, 2001 at 11:48:46AM -0600, Warner Losh wrote:
> In message <20010904204423.D17754@sunbay.com> Ruslan Ermilov writes:
> : On Tue, Sep 04, 2001 at 11:30:25AM -0600, Warner Losh wrote:
> : > In message <20010904192252.G1669@sunbay.com> Ruslan Ermilov writes:
> : > : On Tue, Sep 04, 2001 at 10:20:35AM -0600, Warner Losh wrote:
> : > : > In message <200109041615.f84GFpx76144@freefall.freebsd.org> Ruslan Ermilov writes:
> : > : > : The setre[ug]id() calls are still used in the REDUCE_PERM macro (with
> : > : > : the r[ug]id arguments of -1) so that the call changes the saved user
> : > : > : and group IDs of the process to that specified.
> : > : >
> : > : > Just a side note: We should not use setre* calls in the base sources.
> : > : > They present problems for dropping privs since they obliterate the
> : > : > saved uid.
> : > : >
> : > : Exactly what was needed in this case -- to set saved IDs to the specified
> : > : values.
> : >
> : > setuid() does the same thing and is a less dangerous interface to use
> : > is my point.
> : >
> : Not in FreeBSD's implementation.  In our implementation, setuid() always sets
> : real, effective, and saved IDs to the specified values (if permitted).
> : Consider the case where the ``setuid root'' program run by the user ``joe''
> : wants to "reduce" its privileges to ``setuid daemon'', still preserving the
> : original real IDs, and allowing to switch between ``joe'' and ``daemon''.
>
> No, in FreeBSD's implementation.  setreuid should never be used.
>
> Use seteuid() to do the switching.  It will allow the library routines
> to drop and add privs better than setreuid().
>
No.  seteuid(neweuid) only sets (if permitted) the effective UID, it does
not change the saved UID (root in this case), thus the application does
not lose its ``setuid root'' privilege.

: The seteuid() function sets the effective user ID of the current process.
: The effective user ID may be set to the value of the real user ID or the
: saved set-user-ID (see intro(2) and execve(2)); in this way, the effective
: user ID of a set-user-ID executable may be toggled by switching to the
: real user ID, then re-enabled by reverting to the set-user-ID value.
: Similarly, the effective group ID may be set to the value of the real
: group ID or the saved set-user-ID.

The task: change ``setuid root'' process to ``setuid daemon'' process.

Original: uid = joe, euid = root, svuid = root

case 1.  setuid(DAEMON): uid = DAEMON, euid = DAEMON, svuid = DAEMON

	Impossible to temporarily relinquish privileges to that of joe.

case 2.  seteuid(DAEMON): uid = joe, euid = DAEMON, svuid = root

	The process is still ``setuid root'', the call to seteuid(root)
	will succeed.

case 3.  setreuid(-1, DAEMON): uid = joe, euid = DAEMON, svuid = DAEMON

	Same as original, except s/root/DAEMON/.

Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
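
The three cases above as a small user-space model, added here as an example (not code from the message or from FreeBSD). It changes no real credentials; the numeric UIDs are constructed, and the permission rule in `allowed()` is a simplifying assumption.

```c
/* Model of the UID transitions in the message above; no real credentials change. */
#include <stdio.h>

enum { ROOT = 0, DAEMON = 1, JOE = 1001, KEEP = -1 };  /* constructed sample UIDs */
struct cred { int ruid, euid, svuid; };

/* Simplified permission rule (assumption): root may name any ID,
 * anyone else only an ID the process already holds. */
static int allowed(const struct cred *c, int id) {
    return c->euid == ROOT || id == c->ruid || id == c->euid || id == c->svuid;
}
static int m_setuid(struct cred *c, int id) {          /* sets all three IDs */
    if (!allowed(c, id)) return -1;
    c->ruid = c->euid = c->svuid = id;
    return 0;
}
static int m_seteuid(struct cred *c, int id) {         /* effective ID only */
    if (!allowed(c, id)) return -1;
    c->euid = id;
    return 0;
}
static int m_setreuid(struct cred *c, int r, int e) {
    if ((r != KEEP && !allowed(c, r)) || (e != KEEP && !allowed(c, e))) return -1;
    if (r != KEEP) c->ruid = r;
    if (e != KEEP) c->euid = e;
    /* The saved ID follows the effective ID when the real ID was set or
     * the effective ID now differs from the real ID. */
    if (r != KEEP || c->euid != c->ruid) c->svuid = c->euid;
    return 0;
}
/* Could a process holding these IDs later switch its effective UID to id? */
static int can_switch(struct cred c, int id) { return m_seteuid(&c, id) == 0; }

/* Start from the message's original state and apply case 1, 2 or 3. */
static struct cred run_case(int n) {
    struct cred c = { JOE, ROOT, ROOT };
    if (n == 1) m_setuid(&c, DAEMON);
    else if (n == 2) m_seteuid(&c, DAEMON);
    else m_setreuid(&c, KEEP, DAEMON);
    return c;
}
int main(void) {
    for (int n = 1; n <= 3; n++) {
        struct cred c = run_case(n);
        printf("case %d: uid=%d euid=%d svuid=%d regain-root=%d become-joe=%d\n",
               n, c.ruid, c.euid, c.svuid, can_switch(c, ROOT), can_switch(c, JOE));
    }
    return 0;
}
```

Only case 3 leaves a process that can toggle between joe and daemon while no longer being able to return to root.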