From owner-cvs-sys Mon Mar 31 07:13:39 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA22143 for cvs-sys-outgoing; Mon, 31 Mar 1997 07:13:39 -0800 (PST)
Received: (from peter@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA22130; Mon, 31 Mar 1997 07:13:36 -0800 (PST)
Date: Mon, 31 Mar 1997 07:13:36 -0800 (PST)
From: Peter Wemm
Message-Id: <199703311513.HAA22130@freefall.freebsd.org>
To: CVS-committers, cvs-all, cvs-sys
Subject: cvs commit: src/sys/kern kern_prot.c
Sender: owner-cvs-sys@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

peter       97/03/31 07:13:35

  Modified:    sys/kern  kern_prot.c
  Log:
  Implement code for an OpenBSD-style issetugid().

  This is valuable for library code which needs to be able to find out
  whether the current process is or *was* set[ug]id at some point in the
  past, and may have a "tainted" execution environment. This is especially
  a problem with the trend to immediately revoke privs at startup and regain
  them for critical sections. One problem with this is that if a cracker
  is able to compromise the program while it's still got a saved id, the
  cracker can direct the program to regain the privs. Another problem is
  that the user may be able to affect the program in some other way (eg:
  setting resolver host aliases) and the library code needs to know when it
  should disable these sorts of features.

  Reviewed by: ache
  Inspired by: OpenBSD (but with a different implementation)

  Revision  Changes    Path
  1.31      +26 -1     src/sys/kern/kern_prot.c
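
The library-side use described in the log message, as an added example that is not part of the commit or of FreeBSD's source: a helper that ignores user-controlled environment settings once the process is or was set[ug]id, next to the naive uid comparison that misses a program which revoked its privileges at startup. `lib_getenv`, `host_aliases_path`, `taint_check` and the two stubs are hypothetical names; `HOSTALIASES` is the resolver's host alias variable; the `AT_SECURE` branch for Linux is an assumption for systems without `issetugid()`.

```c
/* Added example; not FreeBSD source code. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* glibc: expose setenv() and friends */
#endif
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>
#endif

/* Naive test: misses a set-id program that revoked its privileges at
 * startup (effective == real again) but can still regain the saved id. */
int naive_is_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Taint test: is, or was at some point, set[ug]id. */
int process_is_tainted(void)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    return issetugid();
#elif defined(__linux__)
    return getauxval(AT_SECURE) != 0;   /* assumption: nearest Linux analogue */
#else
    return 1;                           /* unknown platform: fail closed */
#endif
}

/* Stubs and hook so both paths can be exercised without a set-id binary. */
int stub_tainted(void) { return 1; }
int stub_clean(void)   { return 0; }
int (*taint_check)(void) = process_is_tainted;

/* Hypothetical library helper: user-controlled environment is ignored
 * whenever the execution environment may be tainted. */
const char *lib_getenv(const char *name)
{
    return taint_check() ? NULL : getenv(name);
}

/* Hypothetical resolver-style caller: host alias file from HOSTALIASES. */
const char *host_aliases_path(void)
{
    return lib_getenv("HOSTALIASES");
}
```

Library code should call the taint test at the point of use rather than caching `naive_is_setid()` at load time, since the real and effective ids can be equal while a saved id is still held.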