From owner-freebsd-security  Fri Apr 28 08:48:50 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id IAA16858
          for security-outgoing; Fri, 28 Apr 1995 08:48:50 -0700
Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id IAA16852
          for <security@FreeBSD.org>; Fri, 28 Apr 1995 08:48:46 -0700
Received: by sequent.kiae.su id AA06827
  (5.65.kiae-2 ); Fri, 28 Apr 1995 19:41:34 +0400
Received: by sequent.KIAE.su (UUMAIL/2.0); Fri, 28 Apr 95 19:41:33 +0400
Received: (from ache@localhost) by astral.msk.su (8.6.8/8.6.6) id TAA00794; Fri, 28 Apr 1995 19:39:43 +0400
To: sa2c@st.rim.or.jp, security@FreeBSD.org
References: <199504280436.NAA00812@us.and.or.jp>
In-Reply-To: <199504280436.NAA00812@us.and.or.jp>;
    from NIIMI Satoshi at Fri, 28 Apr 1995 13:36:14 +0900
Message-Id: <FK_mGel8m3@astral.msk.su>
Organization: Olahm Ha-Yetzirah
Date: Fri, 28 Apr 1995 19:39:43 +0400
X-Mailer: Mail/@ [v2.32 FreeBSD]
From: "Andrey A. Chernov, Black Mage" <ache@astral.msk.su>
X-Class: Fast
Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc
Lines: 31
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 1284
Sender: security-owner@FreeBSD.org
Precedence: bulk

In message <199504280436.NAA00812@us.and.or.jp> NIIMI Satoshi writes:

>I've noticed with -current that when euid is not equal to ruid,
>setuid(euid) fails but setreuid(euid, euid) successes.

>But once setreuid(euid, -1) or setreuid(euid, euid), setuid(euid)
>sccesses.

>Please unify the rule for setre[ug]id() and set[ug]id():

>a) It is possible to change ruid if target is same as saved uid.
>or
>b) Only the superuser can change ruid.

>IMHO: There is no need to give users the pass to change real user id.
>The main aim of setre[ug]id() in 4.3BSD was to change e[ug]id.  This
>can be done by only sete[ug]id() in 4.4BSD.

When we follow BSD 4.4 rule, we need to remove setre*() completely,
because they cause very big confusion for all pgms which
expects 4.2 way.
Recently I call core team about removing them, but peoples
prefer to implement them correctly (4.2 way) instead of removing.
So, I do it. Now it is impossible to unify rule: it divides
to POSIX and non-POSIX behaviour.

-- 
Andrey A. Chernov        : And I rest so composedly,  /Now, in my bed,
ache@astral.msk.su       : That any beholder  /Might fancy me dead -
FidoNet: 2:5020/230.3    : Might start at beholding me,  /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849