From owner-freebsd-security Thu Apr 27 21:40:29 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id VAA28010 for security-outgoing; Thu, 27 Apr 1995 21:40:29 -0700
Received: from news.rim.or.jp (news.rim.or.jp [202.255.181.3]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id VAA28004 for ; Thu, 27 Apr 1995 21:40:25 -0700
Received: (from uucp@localhost) by news.rim.or.jp (8.6.10+2.4W/3.3W-rim1.0) with UUCP id NAA06252 for security@FreeBSD.org; Fri, 28 Apr 1995 13:40:22 +0900
Received: from us.and.or.jp (localhost [127.0.0.1]) by us.and.or.jp (8.6.11/3.3W8) with ESMTP id NAA00812 for ; Fri, 28 Apr 1995 13:36:15 +0900
Message-Id: <199504280436.NAA00812@us.and.or.jp>
Reply-To: sa2c@st.rim.or.jp
To: security@FreeBSD.org
Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc
Date: Fri, 28 Apr 1995 13:36:14 +0900
From: NIIMI Satoshi
Sender: security-owner@FreeBSD.org
Precedence: bulk

I've noticed with -current that when euid is not equal to ruid, setuid(euid) fails but setreuid(euid, euid) succeeds. But once setreuid(euid, -1) or setreuid(euid, euid) is called, setuid(euid) succeeds.

Please unify the rule for setre[ug]id() and set[ug]id():

a) It is possible to change ruid if the target is the same as the saved uid.

or

b) Only the superuser can change ruid.

IMHO: There is no need to give users the pass to change the real user id. The main aim of setre[ug]id() in 4.3BSD was to change e[ug]id. This can be done by only sete[ug]id() in 4.4BSD.

--
NIIMI Satoshi
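The inconsistency reported above and the two proposed rules can be compared side by side with a small userland model. This is an added example, not part of the original message and not FreeBSD kernel code: the `cred` struct, the policy names, the uids 1001/2000 and the check applied to the effective-uid argument are assumptions, and the OBSERVED policy is inferred only from the behaviour the message describes.

```c
/* Added model: credential checks as pure functions, no real syscalls are made. */
#include <stdio.h>

enum policy { OBSERVED, RULE_A, RULE_B };
struct cred { int ruid, euid, svuid; };

/* May the real uid become `target`? Root may always; "no change" is always fine. */
static int may_set_ruid(const struct cred *c, int target, enum policy p, int via_setreuid)
{
    if (c->euid == 0 || target == c->ruid) return 1;
    if (p == OBSERVED) return via_setreuid && target == c->euid; /* only setreuid allows it */
    return p == RULE_A && target == c->svuid;                    /* RULE_B: never */
}

/* setuid(uid): sets real, effective and saved uid together. Returns 0 or -1. */
int model_setuid(struct cred *c, int uid, enum policy p)
{
    if (!may_set_ruid(c, uid, p, 0)) return -1;
    c->ruid = c->euid = c->svuid = uid;
    return 0;
}

/* setreuid(r, e): -1 leaves that id unchanged. Returns 0 or -1. */
int model_setreuid(struct cred *c, int r, int e, enum policy p)
{
    if (r != -1 && !may_set_ruid(c, r, p, 1)) return -1;
    /* Assumption: euid may move among ruid, euid and svuid, as with seteuid(). */
    if (e != -1 && c->euid != 0 && e != c->ruid && e != c->euid && e != c->svuid)
        return -1;
    if (r != -1) c->ruid = r;
    if (e != -1) c->euid = e;
    return 0;
}

/* Replays the message's sequence for a non-root set-uid program. Result bits:
 * 1 = setuid(euid) ok at start, 2 = setreuid(euid, euid) ok, 4 = setuid(euid) ok afterwards. */
int replay(enum policy p)
{
    struct cred a = { 1001, 2000, 2000 }, b = a;   /* constructed uids */
    int bits = (model_setuid(&a, a.euid, p) == 0) ? 1 : 0;
    if (model_setreuid(&b, b.euid, b.euid, p) == 0) bits |= 2;
    if (model_setuid(&b, b.euid, p) == 0) bits |= 4;
    return bits;
}

int main(void)
{
    for (int p = OBSERVED; p <= RULE_B; p++)
        printf("policy %d -> %d\n", p, replay((enum policy)p));
    return 0;
}
```

Under OBSERVED the two calls disagree on the same credentials, while rule a) permits both and rule b) refuses both, which is the unification the message asks for.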