From owner-cvs-lib Thu Mar 27 00:42:32 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA14247 for cvs-lib-outgoing; Thu, 27 Mar 1997 00:42:32 -0800 (PST)
Received: from critter.dk.tfs.com ([140.145.230.252]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA14194; Thu, 27 Mar 1997 00:42:17 -0800 (PST)
Received: from critter (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.5/8.8.5) with ESMTP id IAA13764; Thu, 27 Mar 1997 08:16:57 +0100 (CET)
To: Peter Wemm
cc: Bill Fenner, ache@nagual.ru, imp@village.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org
Subject: Re: cvs commit: src/lib/libtermcap pathnames.h termcap.c
In-reply-to: Your message of "Thu, 27 Mar 1997 11:12:08 +0800." <199703270312.LAA04087@spinner.DIALix.COM>
Date: Thu, 27 Mar 1997 08:16:57 +0100
Message-ID: <13762.859447017@critter>
From: Poul-Henning Kamp
Sender: owner-cvs-lib@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In message <199703270312.LAA04087@spinner.DIALix.COM>, Peter Wemm writes:
>Poul-Henning Kamp wrote:
>> In message <97Mar24.094840pst.177486@crevenia.parc.xerox.com>, Bill Fenner writes:
>> >I think a lot would be solved by having a library function like
>> >access() that also accepts a UID. Then the don't-let-people-access-
>> >files-in-a-setuid-program-that-they-wouldn't-normally-have-access-to
>> >problem, instead of being solved in N different setuid programs,
>> >could be solved once.
>>
>> Well, access_as(2) alone will not do it, you would need an open_as(2),
>> unlink_as(2), rename_as(2) and so on...
>
>Err, yeah. I knew that.. :-) Please ignore my previous simplistic reply
>about access. :-). With setfsuid() etc in a setuid process, you'd do
>this:
>
>setfsuid(getuid());
>fd = open(..)
>setfsuid(geteuid());
>
>And similar for daemons that are running as root but want to access files
>as a user, eg: ftpd. It works for open, unlink, rename, link, chmod, etc
>etc, the entire set of VFS syscalls.

It sounds to me like adding [gs]etfs[ug]id(2) might be a worthwhile
addition to our arsenal of protections...

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@tfs.com           TRW Financial Systems, Inc.
Power and ignorance is a disgusting cocktail.
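
The setfsuid() bracket quoted in the message above, written out as an added example that is not part of the original message or of any FreeBSD code. It assumes Linux, where setfsuid(2) and setfsgid(2) exist; the helper name open_as_real_user is hypothetical. Because these calls return the previous ID rather than an error status, the helper re-queries the ID after each switch and fails closed if the switch did not happen.

```c
/* Added example (Linux-only: setfsuid/setfsgid come from <sys/fsuid.h>). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open() with the filesystem identity of the real
 * (invoking) user, then switch back to the privileged identity. */
int open_as_real_user(const char *path, int flags, mode_t mode)
{
    /* (uid_t)-1 is not a valid ID, so these calls only query the current one. */
    uid_t priv_uid = (uid_t)setfsuid((uid_t)-1);
    gid_t priv_gid = (gid_t)setfsgid((gid_t)-1);
    int fd = -1, saved_errno = EPERM;

    setfsgid(getgid());
    setfsuid(getuid());
    /* The calls return no error status: re-query before trusting the drop.
     * Supplementary groups are untouched; a daemon serving another user
     * would also have to deal with those. */
    if ((uid_t)setfsuid((uid_t)-1) == getuid() &&
        (gid_t)setfsgid((gid_t)-1) == getgid()) {
        fd = open(path, flags, mode);
        saved_errno = errno;
    }

    setfsuid(priv_uid);
    setfsgid(priv_gid);
    /* If the privileged identity did not come back, do not hand out the fd. */
    if ((uid_t)setfsuid((uid_t)-1) != priv_uid ||
        (gid_t)setfsgid((gid_t)-1) != priv_gid) {
        if (fd >= 0)
            close(fd);
        fd = -1;
        saved_errno = EPERM;
    }
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_as_real_user(argc > 1 ? argv[1] : "/", O_RDONLY, 0);
    if (fd < 0) { perror("open_as_real_user"); return 1; }
    printf("opened with fsuid %d\n", (int)getuid());
    return close(fd);
}
```

The permission check happens inside open() itself under the user's filesystem ID, so there is no separate access() call whose answer could go stale before the open.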