From owner-freebsd-security  Fri Apr 21 08:52:31 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id IAA09995
          for security-outgoing; Fri, 21 Apr 1995 08:52:31 -0700
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id IAA09988
          for <freebsd-security@FreeBSD.org>; Fri, 21 Apr 1995 08:52:25 -0700
Received: by halloran-eldar.lcs.mit.edu; id AA06954; Fri, 21 Apr 1995 11:49:42 -0400
Date: Fri, 21 Apr 1995 11:49:42 -0400
From: Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu>
Message-Id: <9504211549.AA06954@halloran-eldar.lcs.mit.edu>
To: erandall@muffit.reo.dec.com (Ed Randall)
Cc: freebsd-security@FreeBSD.org
Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc
In-Reply-To: <9504210746.AA22703@muffit.reo.dec.com>
References: <tPZVfbladA@astral.msk.su>
	<9504210746.AA22703@muffit.reo.dec.com>
Sender: security-owner@FreeBSD.org
Precedence: bulk

<<On Fri, 21 Apr 95 8:46:57 WET DST, erandall@muffit.reo.dec.com (Ed Randall) said:

> Wouldn't it be better to FIX these functions to match the POSIX standard, and 
> patch up the security holes ? 

The POSIX standard specifies set[ug]id() AND NOTHING ELSE.  Do you
really want strict POSIX behavior?

I didn't think so...

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant