From owner-freebsd-security  Fri Apr 21 00:47:08 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id AAA02665
          for security-outgoing; Fri, 21 Apr 1995 00:47:08 -0700
Received: from mail1.digital.com (mail1.digital.com [204.123.2.50])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id AAA02659
          for <freebsd-security@FreeBSD.ORG>; Fri, 21 Apr 1995 00:47:06 -0700
Received: from muffit.reo.dec.com by mail1.digital.com; (5.65 EXP 4/12/95 for V3.2/1.0/WV)
	id AA04491; Fri, 21 Apr 1995 00:44:51 -0700
Received: by muffit.reo.dec.com (5.65/helenc-6Apr93);
	id AA22703; Fri, 21 Apr 1995 08:46:57 +0100
From: erandall@muffit.reo.dec.com (Ed Randall)
Message-Id: <9504210746.AA22703@muffit.reo.dec.com>
Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc
To: freebsd-security@FreeBSD.org
Date: Fri, 21 Apr 95 8:46:57 WET DST
In-Reply-To: <tPZVfbladA@astral.msk.su>; from "Andrey A. Chernov, Black Mage" at Apr 20, 95 9:20 pm
X-Mailer: ELM [version 2.3 PL11]
Sender: security-owner@FreeBSD.org
Precedence: bulk

Andrey A. Chernov, Black Mage writes:
> 
> In message <OH5bMbl8U5@astral.msk.su> Andrey A. Chernov writes:
> 
> >I vote for removing this fuctions completely from library
> >sources, it is only one safe variant, if we can't implement
> >them in 100%.
> 
> More info:
> osetreuid/osetregid syscalls check arguments in the same
> way that lib function does, and they are only a little bit safe,
> because testing of s[rg]id independs of place calling.
> 
> They both can't be implemented, they are violation of POSIX,
> so I prefer to remove them to not make security hole.
> If none object, I'll commit the change.

Hi,

Exactly which functions are you planning to remove :
setruid
setreuid
setrgid
setregid
osetreuid
osetregid
and from where ?

Please be aware that if you simply remove something, you will most likely
prevent various (unknown) applications from compiling.

Wouldn't it be better to FIX these functions to match the POSIX standard, and 
patch up the security holes ?  POSIX compliance has surely to be the goal, and
removing any POSIX functions altogether will miss the target as surely as if
the functions are broken.

Regards,

Ed Randall

----

----------------------------------------------------------------------
Ed Randall           Digital Equipment Co.Ltd., Worton Grange, Reading
DECnet : RDGENG::RANDALL
Internet : erandall@muffit.reo.dec.com
----------------------------------------------------------------------