From owner-freebsd-security Mon May 1 11:02:04 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA01933 for security-outgoing; Mon, 1 May 1995 11:02:04 -0700
Received: from kudu.ru.ac.za (kudu.ru.ac.za [146.231.128.5]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id LAA01925 ; Mon, 1 May 1995 11:01:15 -0700
Received: from by kudu.ru.ac.za with cbsmtp (Smail3.1.28.1 #2) id m0s5zln-000MfpC; Mon, 1 May 95 20:00 EET
Received: by neptune.ru.ac.za (Smail3.1.28.1 #10) id m0s5ozP-0000CpC; Mon, 1 May 95 08:29 SAT
Message-Id:
From: geoff@neptune.ru.ac.za (Geoff Rehmet)
Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc
To: ache@astral.msk.su (Andrey A. Chernov, Black Mage)
Date: Mon, 1 May 1995 08:29:49 +0200 (SAT)
Cc: arch@FreeBSD.org, core@FreeBSD.org, security@FreeBSD.org
In-Reply-To: from "Andrey A. Chernov, Black Mage" at Apr 20, 95 09:20:35 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Content-Length: 955
Sender: security-owner@FreeBSD.org
Precedence: bulk

Andrey A. Chernov, Black Mage writes :
>
> More info:
> osetreuid/osetregid syscalls check arguments in the same
> way that lib function does, and they are only a little bit safe,
> because testing of s[rg]id independs of place calling.
>
> They both can't be implemented, they are violation of POSIX,
> so I prefer to remove them to not make security hole.
> If none object, I'll commit the change.

(I should have replied to this earlier.)

I am in favour of the removal of these calls. We must just be a
little bit careful about what the effect is on library interfaces
when these are removed. (Remember that a change like this involves
a major version bump. -- there's been a lot of water under this
bridge before)

Geoff.

--
Geoff Rehmet                                  | ____ _ o /\
geoff@neptune.ru.ac.za                        |___ _-\_<, / /\/\
"finger -l rehmet@cs.ru.ac.za" for PGP key    | (*)/'(*) /\/ / \ \