From owner-cvs-all  Wed Jul 19 21:57:25 2000
Delivered-To: cvs-all@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP
	id 38B4237B9A3; Wed, 19 Jul 2000 21:57:16 -0700 (PDT)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id e6K4vFI24758;
	Wed, 19 Jul 2000 21:57:15 -0700 (PDT)
Date: Wed, 19 Jul 2000 21:57:15 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: Marcel Moolenaar <marcel@FreeBSD.org>,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org,
	security-officer@FreeBSD.org
Subject: Re: cvs commit: src/sys/i386/linux linux_dummy.c linux_misc.c
Message-ID: <20000719215715.G13979@fw.wintelcom.net>
References: <200007190353.UAA71410@freefall.freebsd.org> <Pine.NEB.3.96L.1000720001526.77319D-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: <Pine.NEB.3.96L.1000720001526.77319D-100000@fledge.watson.org>; from rwatson@FreeBSD.org on Thu, Jul 20, 2000 at 12:25:48AM -0400
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> On Tue, 18 Jul 2000, Marcel Moolenaar wrote:
> 
> > marcel      2000/07/18 20:53:08 PDT
> > 
> >   Modified files:        (Branch: RELENG_4)
> >     sys/i386/linux       linux_dummy.c linux_misc.c 
> >   Log:
> >   MFC: Implement setfsuid and setfsgid.
> >   
> >   PR: 16993
> >   
> >   Revision  Changes    Path
> >   1.21.2.1  +1 -3      src/sys/i386/linux/linux_dummy.c
> >   1.77.2.2  +21 -1     src/sys/i386/linux/linux_misc.c
> > 

* Robert Watson <rwatson@FreeBSD.org> [000719 21:26] wrote:
> 
> Marcel,
> 
> I have not had a chance to review these commits as I am on travel. 

Don't bother, they really need to be backed out or changed (*),
the correct action is to return EPERM if the passed in uid isn't
the same as the effective user ID (no-op) unless we choose to
implement this capability correctly.

(*) An option that I'm comfortable with is making a sysctl that
makes these calls always succeed.  The default should be the correct
behavior:  EPERM when euid != uap->uid.

Furthermore the CVS log entry should have clearly stated that this
is a hack and doesn't work "Implement" != "Fake". :(

-Alfred



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message