From owner-freebsd-current  Fri Jul 19 20:11:30 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A1C7F37B405
	for <current@freebsd.org>; Fri, 19 Jul 2002 20:11:27 -0700 (PDT)
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 551ED43E6E
	for <current@freebsd.org>; Fri, 19 Jul 2002 20:11:26 -0700 (PDT)
	(envelope-from bde@zeta.org.au)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id NAA27145;
	Sat, 20 Jul 2002 13:11:13 +1000
Date: Sat, 20 Jul 2002 13:15:11 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@gamplex.bde.org
To: Julian Elischer <julian@vicor.com>
Cc: current@freebsd.org
Subject: Re: [Fwd: FreeBSD/Linux kernel setgid implementation]
In-Reply-To: <20020720130233.Y15254-100000@gamplex.bde.org>
Message-ID: <20020720131426.T15254-100000@gamplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Fri, 19 Jul 2002, Julian Elischer wrote:

> forwarded from bugtraq..

> Indeed, with their rigourous methodology, the authors did detect this error in the setgid linux manpage on Red Hat 7.2. I just wonder if they reported it (the manpage on www.linux.org is still inaccurate at the moment).
> This paper also reports a real example of a program with the setgid flag only, that thinks it can drop all privileges by calling setgid(getgid()). It is OK on FreeBSD, but not on Linux...

This point will have to be revisited son, since POSIX-1.2001 requires
_POSIX_SAVED_IDS.  I think the full brokenness of _POSIX_SAVED_IDS can
be avoided using a suitably weaselish definition of "appropriate"
privilege (give everyone that can do set[ug]id() appropriate privilege,
so that doing it drops the extra saved [ug]id privilege).

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message