Date: Wed, 19 Apr 1995 23:49:25 +0400
From: "Andrey A. Chernov, Black Mage" <ache@astral.msk.su>
To: arch@FreeBSD.org, core@FreeBSD.org, security@FreeBSD.org
Subject: Call for remove setr[ug]id() and setre[ug]id() from libc
Message-ID: <OH5bMbl8U5@astral.msk.su>

Those functions never set the real [ug]id, which strongly confuses programs
which expect them to do so. I.e. most autoconf scripts find them in the
library and suppose them to work. Moreover, under some circumstances they
even return 0 instead of -1, i.e. mimic working right.

There are more backdoors: saved[ug]id = get[ug]id() is a static variable
which is set on the first call to setre[ug]id(). It very much depends on
_where_ you call it for the first time.

All these problems give us a potential security hole, e.g. in the case when
real id == root: it is never changed to the user id with these functions,
but the program assumes it is done.

I vote for removing these functions completely from the library sources;
it is the only safe variant if we can't implement them 100%.

-- 
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
FidoNet: 2:5020/230.3    : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe  From "For Annie" 1849
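
The failure mode described in the message (a call that returns 0 while the real id stays root) is what a caller-side check catches. The following is an added example, not part of the original message and not FreeBSD library code; the helper name drop_privileges_verified is hypothetical, and it assumes a POSIX system that provides setreuid() and setregid().

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from libc): permanently switch to uid/gid and
 * verify the result instead of trusting the return values alone.
 * Returns 0 only if every ID is confirmed changed, -1 otherwise.
 * Supplementary groups are not handled here. */
int drop_privileges_verified(uid_t uid, gid_t gid)
{
    /* Group first: once the uid is dropped we may lack permission. */
    if (setregid(gid, gid) != 0)
        return -1;
    if (setreuid(uid, uid) != 0)
        return -1;

    /* A 0 return is not proof: re-read the IDs the kernel reports. */
    if (getgid() != gid || getegid() != gid)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;

    /* If a saved ID still held root, one of these calls would succeed. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;

    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the IDs we already have, which is
     * permitted for any user, then report whether it was verified. */
    if (drop_privileges_verified(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop could not be verified\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld, verified\n",
           (long)getuid(), (long)getgid());
    return 0;
}
```

A program that treats a -1 from this helper as fatal does not continue under the assumption that it has left root when the library call only pretended to work.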