Date: Thu, 20 Apr 1995 00:03:39 +0200 (MET DST) From: roberto@blaise.ibp.fr (Ollivier Robert) To: ache@astral.msk.su (Andrey A. Chernov, Black Mage) Cc: arch@FreeBSD.org, core@FreeBSD.org, security@FreeBSD.org Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc Message-ID: <199504192203.AAA29578@blaise.ibp.fr> In-Reply-To: <OH5bMbl8U5@astral.msk.su> from "Andrey A. Chernov, Black Mage" at Apr 19, 95 11:49:25 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Those fuctions never sets real [ug]id which strongly confuse > programs which expect it to do. I.e. most autoconf scripts > find them into library and suppose them to work. > Moreover under some circumstanes they even return 0 instead > of -1, i.e. mimics to working right. There is more backdoors: > saved[ug]id = get[ug]id() is static variable which is > set on first call to setre[ug]id(). It is very depends _where_ > you call it for first time. We should implement them correctly in order to achieve POSIX saved uids compatibility and compatibility with the rest of UNIX... More, if you remove them from libc we should bump the *major* version number of libc... > I vote for removing this fuctions completely from library > sources, it is only one safe variant, if we can't implement > them in 100%. I think we can make them work. -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@FreeBSD.ORG FreeBSD keltia 2.0.950416-SNAP #17: Sun Apr 16 17:12:07 MET DST 1995
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504192203.AAA29578>