From owner-freebsd-security Fri Apr 21 02:35:35 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id CAA04720 for security-outgoing; Fri, 21 Apr 1995 02:35:35 -0700 Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id CAA04714 for ; Fri, 21 Apr 1995 02:35:20 -0700 Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1]) by ibp.ibp.fr (8.6.12/jtpda-5.0) with ESMTP id LAA24790 ; Fri, 21 Apr 1995 11:34:33 +0200 Received: from (roberto@localhost) by blaise.ibp.fr (8.6.12/jtpda-5.0) id LAA10116 ; Fri, 21 Apr 1995 11:34:33 +0200 From: roberto@blaise.ibp.fr (Ollivier Robert) Message-Id: <199504210934.LAA10116@blaise.ibp.fr> Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc To: erandall@muffit.reo.dec.com (Ed Randall) Date: Fri, 21 Apr 1995 11:34:32 +0200 (MET DST) Cc: freebsd-security@FreeBSD.org In-Reply-To: <9504210746.AA22703@muffit.reo.dec.com> from "Ed Randall" at Apr 21, 95 08:46:57 am X-Operating-System: FreeBSD 2.0.950416-SNAP ctm#562 X-Mailer: ELM [version 2.4 PL23beta2] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Content-Length: 884 Sender: security-owner@FreeBSD.org Precedence: bulk > Please be aware that if you simply remove something, you will most likely > prevent various (unknown) applications from compiling. My precedent message doesn't seem to have gone through : if we remove something from the library, it will be an interface change and we would have to bump the *major* library version # to 3 ! Bad thing just before a release. > Wouldn't it be better to FIX these functions to match the POSIX standard, and > patch up the security holes ? POSIX compliance has surely to be the goal, and > removing any POSIX functions altogether will miss the target as surely as if > the functions are broken. Yes this is the way to go. We need working setruid and friends and proper POSIX saved uids implementation. -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@FreeBSD.ORG FreeBSD keltia 2.0.950416-SNAP #17: Sun Apr 16 17:12:07 MET DST 1995