From: Kris Kennaway
To: Warner Losh
Cc: Kris Kennaway, audit@FreeBSD.org
Subject: Re: fstat patches
Date: Tue, 8 May 2001 02:11:25 -0700

On Tue, May 08, 2001 at 02:39:25AM -0600, Warner Losh wrote:
> In message <20010508001945.A86617@xor.obsecurity.org> Kris Kennaway writes:
> : These are taken from OpenBSD.  Please review: I don't know if the
> : setegid() changes actually serve a purpose..can anyone explain it to
> : me?
>
> fstat is supposed to run setgid kmem.  I think in FreeBSD the setegid
> is a noop for this situation.  Theo is fond of tossing them in.
> OpenBSD has slightly different set*id semantics and it would be best
> to verify my analysis by checking there.
>
> our setgid says:
>      The setgid() function sets the real and effective group IDs and the saved
>      set-group-ID of the current process to the specified value.  The setgid()
>      function is permitted if the specified ID is equal to the real group ID
>      or the effective group ID of the process, or if the effective user ID is
>      that of the super user.

Yeah, I compared with the OpenBSD setuid(2) manpage and couldn't
notice any different semantics..I'm not sure why they did this, but
there was presumably some motivation for the change.

Kris
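
Added example, not part of the original message or of the fstat patch under review: one way to check on a given system whether setgid(getgid()) in a setgid program really discards the saved set-group-ID, which is the semantic question raised in this thread. The helper name drop_setgid_privilege is hypothetical; only POSIX calls are used.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (not from the fstat patch): give up a group gained
 * through the setgid bit and confirm it cannot be taken back.
 * Returns 0 if the drop is permanent, -1 if it failed or is reversible.
 */
int drop_setgid_privilege(void)
{
    gid_t rgid = getgid();       /* group of the invoking user */
    gid_t old_egid = getegid();  /* e.g. kmem for a setgid-kmem binary */

    /* Allowed by the rule quoted above: rgid is our real group ID. */
    if (setgid(rgid) != 0)
        return -1;
    if (getgid() != rgid || getegid() != rgid)
        return -1;

    /*
     * If the saved set-group-ID still holds old_egid, setegid() can
     * restore it. The probe proves nothing for the super user, who may
     * set any group, so it is skipped when the effective UID is 0.
     */
    if (old_egid != rgid && geteuid() != 0 && setegid(old_egid) == 0) {
        (void)setegid(rgid);     /* undo the probe before reporting */
        return -1;
    }
    return 0;
}

int main(void)
{
    gid_t before = getegid();
    int rc = drop_setgid_privilege();

    printf("egid before=%ld after=%ld: %s\n", (long)before, (long)getegid(),
           rc == 0 ? "drop is permanent" : "drop failed or is reversible");
    return rc == 0 ? 0 : 1;
}
```

Run as an ordinary user from a binary installed setgid to an unprivileged test group, the exit status shows whether that system's setgid() also clears the saved set-group-ID.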