Date: Fri, 21 Apr 1995 11:34:32 +0200 (MET DST) From: roberto@blaise.ibp.fr (Ollivier Robert) To: erandall@muffit.reo.dec.com (Ed Randall) Cc: freebsd-security@FreeBSD.org Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc Message-ID: <199504210934.LAA10116@blaise.ibp.fr> In-Reply-To: <9504210746.AA22703@muffit.reo.dec.com> from "Ed Randall" at Apr 21, 95 08:46:57 am
next in thread | previous in thread | raw e-mail | index | archive | help
> Please be aware that if you simply remove something, you will most likely > prevent various (unknown) applications from compiling. My precedent message doesn't seem to have gone through : if we remove something from the library, it will be an interface change and we would have to bump the *major* library version # to 3 ! Bad thing just before a release. > Wouldn't it be better to FIX these functions to match the POSIX standard, and > patch up the security holes ? POSIX compliance has surely to be the goal, and > removing any POSIX functions altogether will miss the target as surely as if > the functions are broken. Yes this is the way to go. We need working setruid and friends and proper POSIX saved uids implementation. -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@FreeBSD.ORG FreeBSD keltia 2.0.950416-SNAP #17: Sun Apr 16 17:12:07 MET DST 1995
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504210934.LAA10116>