From owner-freebsd-security  Thu Jul 11 08:11:38 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA20061
          for security-outgoing; Thu, 11 Jul 1996 08:11:38 -0700 (PDT)
Received: from sovcom.kiae.su (sovcom.kiae.su [193.125.152.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA20008;
          Thu, 11 Jul 1996 08:11:29 -0700 (PDT)
Received: by sovcom.kiae.su id AA00328
  (5.65.kiae-1 ); Thu, 11 Jul 1996 17:57:53 +0300
Received: by sovcom.KIAE.su (UUMAIL/2.0); Thu, 11 Jul 96 17:57:53 +0300
Received: (from ache@localhost) by nagual.ru (8.7.5/8.7.3) id SAA02660; Thu, 11 Jul 1996 18:55:15 +0400 (MSD)
Message-Id: <199607111455.SAA02660@nagual.ru>
Subject: POSIX saved ids: what to do?
To: security@freebsd.org, core@freebsd.org, bde@zeta.org.au (Bruce Evans)
Date: Thu, 11 Jul 1996 18:55:14 +0400 (MSD)
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (Andrey A. Chernov) <ache@nagual.ru>
Organization: self
X-Class: Fast
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

POSIX saved ids (when turned on) is incompatible with
standard BSD semantics which is close to POSIX saved ids turned off.
I.e. seteuid + setuid sequence produce very different result in both
models. Old or BSD programs which use it may even not know about
POSIX saved ids. So I can see here two solutions:

1) Completely return to old BSD semantics which is close
to POSIX saved ids turned off.

2) Return to old BSD semantics when program issue seteuid()
or setreuid() first time (POSIX allows only setuid
so it clearly indicates non-POSIX model).

Comments?
-- 
Andrey A. Chernov
<ache@nagual.ru>
http://www.nagual.ru/~ache/