From owner-cvs-lib Wed Mar 26 20:00:51 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA01371 for cvs-lib-outgoing; Wed, 26 Mar 1997 20:00:51 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA01355; Wed, 26 Mar 1997 20:00:43 -0800 (PST)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.5/8.6.9) id OAA06953; Thu, 27 Mar 1997 14:50:32 +1100
Date: Thu, 27 Mar 1997 14:50:32 +1100
From: Bruce Evans
Message-Id: <199703270350.OAA06953@godzilla.zeta.org.au>
To: peter@spinner.dialix.com, phk@critter.dk.tfs.com
Subject: Re: cvs commit: src/lib/libtermcap pathnames.h termcap.c
Cc: ache@nagual.ru, cvs-all@freefall.freebsd.org, CVS-committers@freefall.freebsd.org, cvs-lib@freefall.freebsd.org, fenner@parc.xerox.com, imp@village.org
Sender: owner-cvs-lib@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>> Well, access_as(2) alone will not do it, you would need a open_as(2),
>> unlink_as(2), rename_as(2) and so on...
>
>Err, yeah. I knew that.. :-) Please ignore my previous simplistic reply
>about access. :-). With setfsuid() etc in a setuid process, you'd do
>this:
>
>setfsuid(getuid());
>fd = open(..)
>setfsuid(geteuid());

You could also add warnings:

warning: this program uses access(), which is unsafe.

access() would be unsafer than now, since the effective fs uuid would be
more variable.

And while we're here:

warning: this program uses tmpfile(), which is unsafe.
warning: this program uses tmpnam(), which is unsafe.
warning: this program uses tempnam(), which is unsafe.
warning: this program uses mktemp(), which is unsafe.
warning: this program uses mkstemp(), which is yet another wrong interface
(it should allow setting the open mode).

Bruce
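
Added example, not part of the original message or of FreeBSD's code: the quoted setfsuid() bracket written with seteuid() instead (setfsuid() is Linux-specific), next to the access()-then-open() form it replaces. The function names open_after_access, open_as_real_user and demo, and the sample paths, are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* Racy form: access() checks with the real uid, open() then runs with the
 * effective uid, and the path can be replaced between the two calls. */
int open_after_access(const char *path, int flags)
{
    if (access(path, R_OK) != 0)
        return -1;
    return open(path, flags);
}

/* Hypothetical helper: switch the effective uid to the real uid so the
 * kernel applies the caller's permissions inside open() itself. */
int open_as_real_user(const char *path, int flags)
{
    uid_t saved = geteuid();
    int fd, err;
    if (seteuid(getuid()) != 0)
        return -1;
    fd = open(path, flags);
    err = errno;
    if (seteuid(saved) != 0)    /* could not regain privilege: stop here */
        abort();
    errno = err;
    return fd;
}

/* Constructed self-check; returns 0 when both cases behave as expected. */
int demo(void)
{
    char tmpl[] = "/tmp/open_as_demo.XXXXXX";   /* constructed sample file */
    int tfd = mkstemp(tmpl), fd, missing, err;
    if (tfd < 0)
        return 1;
    fd = open_as_real_user(tmpl, O_RDONLY);
    missing = open_as_real_user("/nonexistent/constructed/path", O_RDONLY);
    err = errno;
    unlink(tmpl);
    close(tfd);
    if (fd >= 0)
        close(fd);
    return (fd >= 0 && missing == -1 && err == ENOENT) ? 0 : 2;
}

int main(void) { return demo(); }
```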