Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 4 Sep 2001 20:44:23 +0300
From:      Ruslan Ermilov <ru@FreeBSD.org>
To:        Warner Losh <imp@harmony.village.org>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/usr.bin/at panic.c privs.h
Message-ID:  <20010904204423.D17754@sunbay.com>
In-Reply-To: <200109041730.f84HUPh36129@harmony.village.org>; from imp@harmony.village.org on Tue, Sep 04, 2001 at 11:30:25AM -0600
References:  <20010904192252.G1669@sunbay.com> <200109041615.f84GFpx76144@freefall.freebsd.org> <200109041620.f84GKZh35512@harmony.village.org> <20010904192252.G1669@sunbay.com> <200109041730.f84HUPh36129@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Sep 04, 2001 at 11:30:25AM -0600, Warner Losh wrote:
> In message <20010904192252.G1669@sunbay.com> Ruslan Ermilov writes:
> : On Tue, Sep 04, 2001 at 10:20:35AM -0600, Warner Losh wrote:
> : > In message <200109041615.f84GFpx76144@freefall.freebsd.org> Ruslan Ermilov writes:
> : > :   The setre[ug]id() calls are still used in the REDUCE_PERM macro (with
> : > :   the r[ug]id arguments of -1) so that the call changes the saved user
> : > :   and group IDs of the process to that specified.
> : > 
> : > Just a side note: We should not use setre* calls in the base sources.
> : > They present problems for dropping privs since they obliterate the
> : > saved uid.
> : > 
> : Exactly what was needed in this case -- to set saved IDs to the specified
> : values.
> 
> setuid() does the same thing and is a less dangerous interface to use
> is my point.
> 
Not in FreeBSD's implementation.  In our implementation, setuid() always sets
real, effective, and saved IDs to the specified values (if permitted).
Consider the case where the ``setuid root'' program run by the user ``joe''
wants to "reduce" its privileges to ``setuid daemon'', still preserving the
original real IDs, and allowing to switch between ``joe'' and ``daemon''.


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010904204423.D17754>