From owner-freebsd-audit Tue May 8 1:39:34 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id B3ACC37B424 for ; Tue, 8 May 2001 01:39:32 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.3/8.11.1) with ESMTP id f488dPb79246; Tue, 8 May 2001 02:39:29 -0600 (MDT) (envelope-from imp@harmony.village.org) Message-Id: <200105080839.f488dPb79246@harmony.village.org> To: Kris Kennaway Subject: Re: fstat patches Cc: audit@FreeBSD.org In-reply-to: Your message of "Tue, 08 May 2001 00:19:45 PDT." <20010508001945.A86617@xor.obsecurity.org> References: <20010508001945.A86617@xor.obsecurity.org> Date: Tue, 08 May 2001 02:39:25 -0600 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <20010508001945.A86617@xor.obsecurity.org> Kris Kennaway writes: : These are taken from OpenBSD. Please review: I don't know if the : setegid() changes actually serve a purpose..can anyone explain it to : me? fstat is supposed to run setgid kmem. I think in FreeBSD the setegid is a noop for this situation. Theo is fond of tossing them in. OpenBSD has slightly different set*id semantics and it would be best to verify my analysis by checking there. our setgid says: The setgid() function sets the real and effective group IDs and the saved set-group-ID of the current process to the specified value. The setgid() function is permitted if the specified ID is equal to the real group ID or the effective group ID of the process, or if the effective user ID is that of the super user. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message