From owner-freebsd-current Tue Jan 18 16:58:53 2000
Delivered-To: freebsd-current@freebsd.org
Received: from nagual.pp.ru (deep-thought.demos.su [195.133.1.74]) by hub.freebsd.org (Postfix) with ESMTP id 0633214DBE; Tue, 18 Jan 2000 16:58:49 -0800 (PST) (envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost) by nagual.pp.ru (8.9.3/8.9.3) id DAA65801; Wed, 19 Jan 2000 03:53:30 +0300 (MSK) (envelope-from ache)
Date: Wed, 19 Jan 2000 03:53:29 +0300
From: "Andrey A. Chernov"
To: Peter Wemm
Cc: current@freebsd.org, bde@freebsd.org, sheldonh@freebsd.org
Subject: Re: Security hole with new setresuid call
Message-ID: <20000119035329.A65749@nagual.pp.ru>
References: <20000118061202.50F8D1CD4@overcee.netplex.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <20000118061202.50F8D1CD4@overcee.netplex.com.au>
Organization: Biomechanoid
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Jan 18, 2000 at 02:12:02PM +0800, Peter Wemm wrote:
> .. and why is this a security hole? setresuid(geteuid(), geteuid(), geteuid())
> is equivalent to setuid(geteuid())..

Umm, maybe not a hole exactly, but a difference between the implementations of syscalls in the same area. We define POSIX_APPENDIX_B_4_2_2 by default for setuid(geteuid()), but I mean the case when it is _not_ defined (BTW, why have a define which is always on?). And in the case where POSIX_APPENDIX_B_4_2_2 is not defined, the

    ruid = euid;

assignment was not allowed before you added the new syscall.

-- 
Andrey A. Chernov
http://nagual.pp.ru/~ache/
MTH/SH/HE S-- W-- N+ PEC>+ D A a++ C G>+ QH+(++) 666+>++ Y
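The thread turns on which uid transitions setuid() and setresuid() allow, and on the fact that the two calls are implemented separately. Whatever the kernel's policy, the check a defender wants in a privilege-dropping program is the same: do not trust the return value of the uid call, read back all three uids with getresuid() and confirm the drop is complete and cannot be undone. The following program is an added example written for this page, not code from the list discussion or from FreeBSD; it assumes a system that provides setresuid()/getresuid() (FreeBSD, Linux with _GNU_SOURCE), and the target uid is whatever the process currently runs as, so it can be run unprivileged.

```c
#define _GNU_SOURCE          /* exposes setresuid()/getresuid() on glibc */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/*
 * Set real, effective and saved uid to `target` with setresuid(), then
 * verify the result with getresuid() rather than trusting the return
 * value.  Returns 0 only when all three uids equal `target` and, if we
 * gave up root, root cannot be regained with setuid(0).  Returns -1
 * otherwise.
 */
int drop_to_uid_and_verify(uid_t target)
{
    uid_t ruid, euid, suid;

    if (setresuid(target, target, target) != 0) {
        perror("setresuid");
        return -1;
    }

    /* Read back what the kernel actually did. */
    if (getresuid(&ruid, &euid, &suid) != 0) {
        perror("getresuid");
        return -1;
    }

    /* Any of the three still differing means privilege was not fully dropped. */
    if (ruid != target || euid != target || suid != target) {
        fprintf(stderr, "uid mismatch: ruid=%u euid=%u suid=%u target=%u\n",
                (unsigned)ruid, (unsigned)euid, (unsigned)suid, (unsigned)target);
        return -1;
    }

    /* Only meaningful when root was given up: the drop must be irreversible. */
    if (target != 0 && setuid(0) == 0) {
        fprintf(stderr, "privilege drop reversible: setuid(0) succeeded\n");
        return -1;
    }

    return 0;
}

int main(void)
{
    /* Assumption for this example: drop to the uid we already run as. */
    uid_t target = geteuid();

    if (drop_to_uid_and_verify(target) != 0) {
        fprintf(stderr, "privilege drop to uid %u FAILED\n", (unsigned)target);
        return 1;
    }
    printf("ruid, euid and suid all verified as %u\n", (unsigned)target);
    return 0;
}
```

The readback matters because, as the message notes, setuid() and setresuid() are separate code paths whose rules can differ; a program that checks the effect instead of the call it made is correct under either policy.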