From: Stefan Eßer
To: hackers@freebsd.org
Date: Thu, 10 Jun 2004 13:26:11 +0200
Subject: Re: Semantics of "seteuid(uid)" vs. "setreuid(-1,uid)"
Message-ID: <20040610112611.GA15304@StefanEsser.FreeBSD.org>
In-Reply-To: <20040607083051.GA13982@VARK.homeunix.com>
References: <20040606124734.GA2687@StefanEsser.FreeBSD.org> <20040607083051.GA13982@VARK.homeunix.com>

On 2004-06-07 01:30 -0700, David Schultz wrote:
> On Sun, Jun 06, 2004, Stefan Eßer wrote:
> > Any reason that there is a difference in semantics between:
> >
> >     seteuid(id) vs. setreuid(-1, id) ???
> >
> > The tests performed on the arguments are different (assuming a
> > fixed arg of -1 for ruid) in that seteuid does not support the
> > case of (euid == cr_uid):
> > [...]
> > Is the difference between seteuid() and setreuid() deliberate?
>
> The best rationale I can think of is that setreuid(x, geteuid())
> does something useful, whereas seteuid(geteuid()) is a no-op. I
> think the seteuid() behavior you complain about exists for purely
> historical reasons. POSIX does not require seteuid(geteuid()) to
> succeed, but it implicitly allows it as an extension. Solaris and
> Linux have this extension. The trouble with tweaking the
> interface is that you always have to ask: what new security holes
> could this open up in existing software?

Thanks for the reply. I'm afraid that there might be security risks
and/or broken programs in the system.

Problem is that the current behaviour breaks programs in ports that
expect seteuid to behave the same as setreuid(-1,uid) does on FreeBSD.
But this can be fixed in the individual ports ...

> Hao Chen points out that the failure of seteuid(geteuid()) in
> FreeBSD is one of many tricky issues with using the set*uid()
> interface portably. In my (biased) opinion, his Setuid
> Demystified paper is well worth reading if you want to untangle
> this stuff in your mind:
>
> http://www.usenix.org/events/sec02/full_papers/chen/chen.pdf

Thank you for the pointer: Interesting reading!

Regards, STefan