Date:      Tue, 04 Sep 2001 11:48:46 -0600
From:      Warner Losh <imp@harmony.village.org>
To:        Ruslan Ermilov <ru@FreeBSD.org>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/usr.bin/at panic.c privs.h 
Message-ID:  <200109041748.f84Hmkh36422@harmony.village.org>
In-Reply-To: Your message of "Tue, 04 Sep 2001 20:44:23 +0300." <20010904204423.D17754@sunbay.com> 
References:  <20010904204423.D17754@sunbay.com>  <20010904192252.G1669@sunbay.com> <200109041615.f84GFpx76144@freefall.freebsd.org> <200109041620.f84GKZh35512@harmony.village.org> <20010904192252.G1669@sunbay.com> <200109041730.f84HUPh36129@harmony.village.org> 

In message <20010904204423.D17754@sunbay.com> Ruslan Ermilov writes:
: On Tue, Sep 04, 2001 at 11:30:25AM -0600, Warner Losh wrote:
: > In message <20010904192252.G1669@sunbay.com> Ruslan Ermilov writes:
: > : On Tue, Sep 04, 2001 at 10:20:35AM -0600, Warner Losh wrote:
: > : > In message <200109041615.f84GFpx76144@freefall.freebsd.org> Ruslan Ermilov writes:
: > : > :   The setre[ug]id() calls are still used in the REDUCE_PERM macro (with
: > : > :   the r[ug]id arguments of -1) so that the call changes the saved user
: > : > :   and group IDs of the process to that specified.
: > : > 
: > : > Just a side note: We should not use setre* calls in the base sources.
: > : > They present problems for dropping privs since they obliterate the
: > : > saved uid.
: > : > 
: > : Exactly what was needed in this case -- to set saved IDs to the specified
: > : values.
: > 
: > setuid() does the same thing and is a less dangerous interface to use
: > is my point.
: > 
: Not in FreeBSD's implementation.  In our implementation, setuid() always sets
: real, effective, and saved IDs to the specified values (if permitted).
: Consider the case where the ``setuid root'' program run by the user ``joe''
: wants to "reduce" its privileges to ``setuid daemon'', still preserving the
: original real IDs, and allowing to switch between ``joe'' and ``daemon''.

No, in FreeBSD's implementation.  setreuid should never be used.

Use seteuid() to do the switching.  It will allow the library routines
to drop and add privs better than setreuid().

Warner
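
Added example, not part of the original message or of the FreeBSD sources: a temporary privilege drop done only with seteuid(), checked with getresuid() to confirm the saved UID survives so the original effective UID can be regained. The helper and callback names are hypothetical, and the sketch assumes getresuid() is available (FreeBSD, Linux) and that the starting effective UID equals the saved UID, as it does right after a set-user-ID program is executed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc hides getresuid() without this */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Same prototype as the system's; repeated so the file builds even when
 * the feature macro above comes too late to expose it. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Sample callback (constructed for this example): succeeds only if it is
 * really running with the invoking user's effective UID. */
int probe_runs_as_real_uid(void)
{
    return geteuid() == getuid() ? 0 : -1;
}

/* Hypothetical helper: run fn() with euid == real uid, then switch back.
 * Only seteuid() is called, so this code never asks for a saved-UID change.
 * Returns 0 on success, -1 if a step failed or the saved UID changed. */
int with_dropped_euid(int (*fn)(void))
{
    uid_t r, e, s, r2, e2, s2;
    int rc;

    if (getresuid(&r, &e, &s) != 0)
        return -1;
    if (seteuid(r) != 0)                 /* drop: effective := real */
        return -1;
    rc = fn();
    if (getresuid(&r2, &e2, &s2) != 0 || r2 != r || e2 != r || s2 != s)
        rc = -1;                         /* real and saved UIDs must be unchanged */
    if (seteuid(e) != 0)                 /* regain: assumes e == saved UID */
        return -1;
    if (geteuid() != e)
        return -1;
    return rc;
}

int main(void)
{
    int rc = with_dropped_euid(probe_runs_as_real_uid);
    printf("with_dropped_euid: %s (ruid=%lu euid=%lu)\n", rc == 0 ? "ok" : "FAILED",
           (unsigned long)getuid(), (unsigned long)geteuid());
    return rc == 0 ? 0 : 1;
}
```

Run from an ordinary account the three IDs are already equal, so the calls succeed without changing anything; the drop and regain are only observable in a set-user-ID binary.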
