From owner-freebsd-security  Sat Oct 12  0:52: 0 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4978337B401
	for <security@FreeBSD.ORG>; Sat, 12 Oct 2002 00:51:59 -0700 (PDT)
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4CAA843E91
	for <security@FreeBSD.ORG>; Sat, 12 Oct 2002 00:51:58 -0700 (PDT)
	(envelope-from bde@zeta.org.au)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id RAA08333;
	Sat, 12 Oct 2002 17:51:47 +1000
Date: Sat, 12 Oct 2002 18:02:02 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@gamplex.bde.org
To: David Schultz <dschultz@uclink.Berkeley.EDU>
Cc: Don Lewis <dl-freebsd@catspoiler.org>,
	<peterjeremy@optushome.com.au>, <behanna@zbzoom.net>,
	<security@FreeBSD.ORG>
Subject: Re: access() is a security hole?
In-Reply-To: <20021012031120.GA1951@HAL9000.homeunix.com>
Message-ID: <20021012175752.K16055-100000@gamplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, 11 Oct 2002, David Schultz wrote:

> ...
> Really, there ought to be a version of the open syscall that takes
> an argument specifying the credentials to use for the call, but
> instead we're stuck with the lovely setuid suite of functions.

Unmentionablux has had the setfsuid suite for some time now.

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message