Date:      Thu, 10 Jun 2004 13:26:11 +0200
From:      Stefan Eßer <se@FreeBSD.org>
To:        hackers@freebsd.org
Subject:   Re: Semantics of "seteuid(uid)" vs. "setreuid(-1,uid)"
Message-ID:  <20040610112611.GA15304@StefanEsser.FreeBSD.org>
In-Reply-To: <20040607083051.GA13982@VARK.homeunix.com>
References:  <20040606124734.GA2687@StefanEsser.FreeBSD.org> <20040607083051.GA13982@VARK.homeunix.com>

On 2004-06-07 01:30 -0700, David Schultz <das@FreeBSD.ORG> wrote:
> On Sun, Jun 06, 2004, Stefan Eßer wrote:
> > Any reason that there is a difference in semantics between:
> > 
> > 	seteuid(id)	vs.	setreuid(-1, id)	???
> > 
> > The tests performed on the arguments are different (assuming a
> > fixed arg of -1 for ruid) in that seteuid does not support the
> > case of (euid == cr_uid):
> > [...]
> > Is the difference between seteuid() and setreuid() deliberate?
> 
> The best rationale I can think of is that setreuid(x, geteuid())
> does something useful, whereas seteuid(geteuid()) is a no-op.  I
> think the seteuid() behavior you complain about exists for purely
> historical reasons.  POSIX does not require seteuid(geteuid()) to
> succeed, but it implicitly allows it as an extension.  Solaris and
> Linux have this extension.  The trouble with tweaking the
> interface is that you always have to ask: what new security holes
> could this open up in existing software?

Thanks for the reply. I'm afraid that there might be security risks
and/or broken programs in the system. The problem is that the current
behaviour breaks programs in ports that expect seteuid to behave
the same as setreuid(-1,uid) does on FreeBSD. But this can be fixed
in the individual ports ...

> Hao Chen points out that the failure of seteuid(geteuid()) in
> FreeBSD is one of many tricky issues with using the set*uid()
> interface portably.  In my (biased) opinion, his Setuid
> Demystified paper is well worth reading if you want to untangle
> this stuff in your mind:
> 
> 	http://www.usenix.org/events/sec02/full_papers/chen/chen.pdf

Thank you for the pointer: interesting reading!

Regards, Stefan
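An added example, not code from the thread or from FreeBSD: a small C helper (the name `set_effective_uid` is my own) that applies the portability point discussed above. It tries seteuid() first, falls back to setreuid(-1, uid), which the thread says FreeBSD accepts in the euid == cr_uid case, and then verifies the result with geteuid() rather than trusting the return value.

```c
/* Added example (not from the thread). Sets the effective uid to
 * `target` in a way that works on both seteuid() semantics the
 * thread discusses, and confirms the change with geteuid(). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 if the effective uid is now `target`, -1 otherwise. */
int set_effective_uid(uid_t target)
{
    if (geteuid() == target) {
        /* Already there. Skipping the call avoids the
         * seteuid(geteuid()) case that fails on FreeBSD when the
         * current euid differs from both the real and saved uid. */
        return 0;
    }
    if (seteuid(target) != 0) {
        int saved = errno;
        /* Fallback: on FreeBSD the check for setreuid(-1, uid) is
         * more permissive than the one for seteuid(uid). */
        if (setreuid((uid_t)-1, target) != 0) {
            fprintf(stderr, "seteuid: %s; setreuid: %s\n",
                    strerror(saved), strerror(errno));
            return -1;
        }
    }
    /* A uid change that silently did not happen is the dangerous
     * case, so ask the kernel what it thinks the euid is now. */
    return geteuid() == target ? 0 : -1;
}

int main(void)
{
    uid_t me = geteuid();
    printf("set_effective_uid(%u) -> %d, euid now %u\n",
           (unsigned)me, set_effective_uid(me), (unsigned)geteuid());
    return 0;
}
```

Run as an unprivileged user, a request for any uid other than the real or saved uid is expected to return -1 on both Linux and FreeBSD.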
