From owner-freebsd-security Wed Apr 19 13:15:58 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA27741 for security-outgoing; Wed, 19 Apr 1995 13:15:58 -0700 Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id NAA27732 ; Wed, 19 Apr 1995 13:15:50 -0700 Received: by sequent.kiae.su id AA00787 (5.65.kiae-2 ); Wed, 19 Apr 1995 23:51:47 +0400 Received: by sequent.KIAE.su (UUMAIL/2.0); Wed, 19 Apr 95 23:51:47 +0400 Received: (from ache@localhost) by astral.msk.su (8.6.8/8.6.6) id XAA01528; Wed, 19 Apr 1995 23:49:25 +0400 To: arch@FreeBSD.org, core@FreeBSD.org, security@FreeBSD.org Message-Id: Organization: Olahm Ha-Yetzirah Date: Wed, 19 Apr 1995 23:49:25 +0400 X-Mailer: Mail/@ [v2.32 FreeBSD] From: "Andrey A. Chernov, Black Mage" X-Class: Fast Subject: Call for remove setr[ug]id() and setre[ug]id() from libc Lines: 21 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Length: 1028 Sender: security-owner@FreeBSD.org Precedence: bulk Those fuctions never sets real [ug]id which strongly confuse programs which expect it to do. I.e. most autoconf scripts find them into library and suppose them to work. Moreover under some circumstanes they even return 0 instead of -1, i.e. mimics to working right. There is more backdoors: saved[ug]id = get[ug]id() is static variable which is set on first call to setre[ug]id(). It is very depends _where_ you call it for first time. All this problems give us potential security hole in case f.e. when real id == root, it is never changed to user id with this functions, but program assume it done. I vote for removing this fuctions completely from library sources, it is only one safe variant, if we can't implement them in 100%. -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - FidoNet: 2:5020/230.3 : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849