From owner-freebsd-hackers  Wed Mar 29 22:58:43 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA17283 for hackers-outgoing; Wed, 29 Mar 1995 22:58:43 -0800
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id WAA17272 for <freebsd-hackers@FreeBSD.org>; Wed, 29 Mar 1995 22:58:32 -0800
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id QAA32598; Thu, 30 Mar 1995 16:56:28 +1000
Date: Thu, 30 Mar 1995 16:56:28 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199503300656.QAA32598@godzilla.zeta.org.au>
To: freebsd-hackers@FreeBSD.org, kelly@fsl.noaa.gov
Subject: Re: at(1) bug
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

>User-submitted jobs with at(1) run with the user's ID but root's
>groups.  This can't be right, can it?

>Has this been fixed?

Apparently not.  `gid' isn't mentioned in the sources.

Another thing: `at' was written for Linux and uses setreuid(), but
setreuid() is deprecated and isn't fully compatible in 4.4BSD.  In all
of /usr/src/*bin/*.[ch], setreuid() is only called from contributed
sources:

	usr.sbin/ppp
	usr.sbin/pppd
	usr.bin/at
	usr.bin/ncftp

Bruce