Date: Sat, 26 May 2001 01:46:21 +1000 (EST)
From: Bruce Evans
To: Ruslan Ermilov
Cc: Kris Kennaway, audit@FreeBSD.ORG
Subject: Re: ping6 fixes
In-Reply-To: <20010510151241.A44027@sunbay.com>

[I'm replying publicly only to the last reply in this thread]

On Thu, 10 May 2001, Ruslan Ermilov wrote:

> On Thu, May 10, 2001 at 08:52:50PM +1000, Bruce Evans wrote:
> > On Thu, 10 May 2001, Ruslan Ermilov wrote:
> >
> > > On Wed, May 09, 2001 at 08:37:40PM -0700, Kris Kennaway wrote:
> > > > On Wed, May 09, 2001 at 04:20:44AM +1000, Bruce Evans wrote:
> > > >
> > > > > I think I now understand the purpose of seteuid() before seteuid().
> > > >
> > > > Me too.  Thanks, all.
> > > >
> > > /me still doesn't.
> > >
> > > As I said, this would only be meaningful if:
> > >
> > > 1) we follow POSIX.1-200x
> >
> > I'm still not sure about this (haven't seen POSIX.any-200x...).
> >
> Don't you know that the drafts are available on
> www.opengroup.com/austin-l ?

No I do.  It's actually www.opengroup.org/somewhere (www.opengroup.com
is completely different).

For setuid(), draft POSIX.1-200x is essentially the same as POSIX.1.1996
except it requires _POSIX_SAVED_IDS, so we don't follow it.
For seteuid(), draft POSIX.1-200x seems to be essentially the same as
4.4BSD (I didn't check this carefully).  I don't see how this can work
right with _POSIX_SAVED_IDS.  It works right in 4.4BSD, but with
_POSIX_SAVED_IDS there seems to be no way to give up the saved id except
for processes with "appropriate privilege".  The rationale for setuid()
in Draft POSIX.1-200x has a lot to say about this problem.  Its solution
of adding the 4.4BSD seteuid() is incomplete IMO.

> > > - and -
> > >
> > > 2) the process doesn't have "appropriate privilege" initially,
> > > i.e., it's not setuid root (not the case here).
> >
> > It saves you from having to know much about the current ids.  (Not a
> > good reason, since you really should understand the current ids in
> > set*id programs.  And you really should check that set*id() succeeded...)
> >
> But the comment in the code assumes that the current IDs are that of
> root.

OK.  There is no problem for setuid root programs like ping* provided
they give up their privilege when their euid is root.  They then have
"appropriate privilege", so setuid() works right.

Bruce
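
Added example (not from this thread or from the ping6 source): the permanent
drop described in the last paragraph for a setuid root program, with the
set*id() result checked as the quoted advice asks and the saved-id case
detected. The function name drop_privilege_permanently is made up for
illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Give up set-user-ID privilege for good.
 * Returns 0 when the process can no longer get its old euid back,
 * -1 otherwise; the caller must exit on -1.
 */
int
drop_privilege_permanently(void)
{
	uid_t ruid = getuid();
	uid_t old_euid = geteuid();

	/*
	 * With euid 0 the process has "appropriate privilege", so setuid()
	 * sets the real, effective and saved ids together.  Check the
	 * return value: a failed call leaves the old ids in place.
	 */
	if (setuid(ruid) == -1)
		return (-1);

	/* Do not trust the return value alone; look at the ids. */
	if (getuid() != ruid || geteuid() != ruid)
		return (-1);

	/*
	 * If the identity changed, the old euid must be unreachable.  When a
	 * saved id survived (the _POSIX_SAVED_IDS case without privilege),
	 * this seteuid() succeeds and the drop was not permanent.
	 */
	if (old_euid != ruid && seteuid(old_euid) != -1)
		return (-1);

	return (0);
}

int
main(void)
{
	/* Privileged setup would go here, before the drop (assumption). */
	if (drop_privilege_permanently() == -1) {
		fprintf(stderr, "cannot drop privilege\n");
		return (1);
	}
	printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
	return (0);
}
```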