Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 27 Mar 1997 08:16:57 +0100
From:      Poul-Henning Kamp <phk@critter.dk.tfs.com>
To:        Peter Wemm <peter@spinner.dialix.com>
Cc:        Bill Fenner <fenner@parc.xerox.com>, ache@nagual.ru, imp@village.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org
Subject:   Re: cvs commit: src/lib/libtermcap pathnames.h termcap.c 
Message-ID:  <13762.859447017@critter>
In-Reply-To: Your message of "Thu, 27 Mar 1997 11:12:08 %2B0800." <199703270312.LAA04087@spinner.DIALix.COM> 

next in thread | previous in thread | raw e-mail | index | archive | help
In message <199703270312.LAA04087@spinner.DIALix.COM>, Peter Wemm writes:
>Poul-Henning Kamp wrote:
>> In message <97Mar24.094840pst.177486@crevenia.parc.xerox.com>, Bill Fenner w
>r
>    it
>> es:
>> >I think a lot would be solved by having a library function like
>> >access() that also accepts a UID.  Then the don't-let-people-access-
>> >files-in-a-setuid-program-that-they-wouldn't-normally-have-access-to
>> >problem, instead of being solved in N different setuid programs,
>> >could be solved once.
>> 
>> Well, access_as(2) alone will not do it, you would need a open_as(2),
>> unlink_as(2), rename_as(2) and so on...
>
>Err, yeah.  I knew that.. :-)  Please ignore my previous simplistic reply 
>about access. :-).  With setfsuid() etc in a setuid process, you'd do
>this: 
>
>setfsuid(getuid());
>fd = open(..)
>setfsuid(geteuid());
>
>And similar for daemons that are running as root but want to access files 
>as a user, eg: ftpd.  It works for open, unlink, rename, link, chmod, etc 
>etc, the entire set of VFS syscalls.

It sounds to me like adding [gs]etfs[ug]id(2) might be a worthwhile 
addtion to our arsenal of protections...


--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@tfs.com           TRW Financial Systems, Inc.
Power and ignorance is a disgusting cocktail.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13762.859447017>