Date: Fri, 13 Dec 1996 12:52:16 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: bde@zeta.org.au (Bruce Evans) Cc: adam@veda.is, freebsd-current@FreeBSD.ORG Subject: Re: setgid() semantics Message-ID: <199612131952.MAA15679@phaeton.artisoft.com> In-Reply-To: <199612131008.VAA28452@godzilla.zeta.org.au> from "Bruce Evans" at Dec 13, 96 09:08:04 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> This was a security change. Both behaviours are POSIX conformant. > > Gids can be switched securely using the following models: > > BSD4.4Lite: > Use setegid() to switch between the real gid and the saved gid. > (The saved gid is initially the effective gid.) Use setgid() to set > all the ids to the same value. Do not use setrgid() or setregid(). > These functions are just wrappers around setegid(). They never change > the saved gid, and have other problems. > > FreeBSD-current: > Use setregid() to switch gids as usual. Use setregid(uid, uid) or > or setgid(uid) to set all the ids to the same value. You can also > use the BSD4.4Lite model, but this is probably less portable. And if you need to make the effective gid the real gid to violate security anyway (like running "enable" or "disable" on SCO to toggle logins on ports), use: system( "sh -c program"); To make the egid and gid match and be the priviledged value for "program". Ie: it doesn't make any *real* security fix. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612131952.MAA15679>