Date: Fri, 28 Apr 1995 13:36:14 +0900 From: NIIMI Satoshi <sa2c@and.or.jp> To: security@FreeBSD.org Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc Message-ID: <199504280436.NAA00812@us.and.or.jp>
next in thread | raw e-mail | index | archive | help
I've noticed with -current that when euid is not equal to ruid, setuid(euid) fails but setreuid(euid, euid) successes. But once setreuid(euid, -1) or setreuid(euid, euid), setuid(euid) sccesses. Please unify the rule for setre[ug]id() and set[ug]id(): a) It is possible to change ruid if target is same as saved uid. or b) Only the superuser can change ruid. IMHO: There is no need to give users the pass to change real user id. The main aim of setre[ug]id() in 4.3BSD was to change e[ug]id. This can be done by only sete[ug]id() in 4.4BSD. -- NIIMI Satoshi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504280436.NAA00812>