Date: Sat, 29 Apr 1995 18:40:12 +0400 From: "Andrey A. Chernov, Black Mage" <ache@astral.msk.su> To: Bruce Evans <bde@zeta.org.au> Cc: security@FreeBSD.org, "Garrett A. Wollman" <wollman@lcs.mit.edu> Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc Message-ID: <NKC_aelKb6@astral.msk.su> In-Reply-To: <199504291339.XAA25148@godzilla.zeta.org.au>; from Bruce Evans at Sat, 29 Apr 1995 23:39:09 %2B1000 References: <199504291339.XAA25148@godzilla.zeta.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199504291339.XAA25148@godzilla.zeta.org.au> Bruce Evans
writes:
>>0) Now we have _all_ set*[gu]id() functions in the same way like SunOS
>>(SunOS is de-facto standard, most of Unix pgms expects its way).
>>SunOS have true POSIX SAVED_IDS setuid()/setgid() and BSD4.2-like
>>setre*(). Moreover, now we compatible with Linux setuid()/setgid(),
>>they have POSIX SAVED_IDS too. I think current scheme is the best
>>way which is possible.
>I think the best possible is:
>a) seteuid(euid) == setreuid(-1, euid) (deprecated like setreuid())
Dislike. seteuid() is introduced to help root to avoid setuid()
POSIX restrictions. CSRG 4.4 have POSIX_SAVED_IDS root setuid()
case (surprise). See seteuid comment into sys/sys/unistd.h
>>1) seteuid() does not change svuid according to SunOS.
>>From common sense it allows root to keep svuid untouched,
>What does it do in Linux? I deleted my Linux sources, and the man
>pages here are of a much lower quality than FreeBSD's :-).
I can't found sete[ug]id() syscalls into Linux. It can be my fault
or intentional thing, because POSIX_SAVED_IDS setuid() cover
seteuid() case for non-roots.
>>3) I don't see sec hole you point:
> root: euid=0 ruid=0 svuid=any; exec setuid program to become
> man: euid=9 ruid=0 svuid=0; setuid(9) to become
> man: euid=9 ruid=0 svuid=0
>The setuid() is being done by an old program that isn't aware of POSIX
>semantics. It expects to end up as ruid=9 but doesn't. Note that the
>set[r]euid() semantics and the final value of svuid aren't important
>here.
Please, describe it more detaily: what started, which function
called with what args exactly, etc.
BTW, It is clear that POSIX setuid() works not the same way as non-POSIX :-)
I.e. non-POSIX return -1 when POSIX can be successful.
But as we claim ourselvs as POSIX-compatible, we must follow POSIX
and converts pgms which conflict with it (as we already do with terminal
driver f.e.). Lucky, looking through our sourses right now I don't
find any pgms which conflicts.
--
Andrey A. Chernov : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su : That any beholder /Might fancy me dead -
FidoNet: 2:5020/230.3 : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NKC_aelKb6>