From owner-freebsd-security  Thu Apr 27 21:40:29 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id VAA28010
          for security-outgoing; Thu, 27 Apr 1995 21:40:29 -0700
Received: from news.rim.or.jp (news.rim.or.jp [202.255.181.3])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id VAA28004
          for <security@FreeBSD.org>; Thu, 27 Apr 1995 21:40:25 -0700
Received: (from uucp@localhost) by news.rim.or.jp (8.6.10+2.4W/3.3W-rim1.0) with UUCP id NAA06252 for security@FreeBSD.org; Fri, 28 Apr 1995 13:40:22 +0900
Received: from us.and.or.jp (localhost [127.0.0.1]) by us.and.or.jp (8.6.11/3.3W8) with ESMTP id NAA00812 for <security@FreeBSD.org>; Fri, 28 Apr 1995 13:36:15 +0900
Message-Id: <199504280436.NAA00812@us.and.or.jp>
Reply-To: sa2c@st.rim.or.jp
To: security@FreeBSD.org
Subject: Re: Call for remove setr[ug]id() and setre[ug]id() from libc
Date: Fri, 28 Apr 1995 13:36:14 +0900
From: NIIMI Satoshi <sa2c@and.or.jp>
Sender: security-owner@FreeBSD.org
Precedence: bulk

I've noticed with -current that when euid is not equal to ruid,
setuid(euid) fails but setreuid(euid, euid) successes.

But once setreuid(euid, -1) or setreuid(euid, euid), setuid(euid)
sccesses.

Please unify the rule for setre[ug]id() and set[ug]id():

a) It is possible to change ruid if target is same as saved uid.
or
b) Only the superuser can change ruid.

IMHO: There is no need to give users the pass to change real user id.
The main aim of setre[ug]id() in 4.3BSD was to change e[ug]id.  This
can be done by only sete[ug]id() in 4.4BSD.
--
NIIMI Satoshi