Date: Thu, 10 Jun 2004 13:26:11 +0200 From: Stefan =?iso-8859-1?Q?E=DFer?= <se@FreeBSD.org> To: hackers@freebsd.org Subject: Re: Semantics of "seteuid(uid)" vs. "setreuid(-1,uid)" Message-ID: <20040610112611.GA15304@StefanEsser.FreeBSD.org> In-Reply-To: <20040607083051.GA13982@VARK.homeunix.com> References: <20040606124734.GA2687@StefanEsser.FreeBSD.org> <20040607083051.GA13982@VARK.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2004-06-07 01:30 -0700, David Schultz <das@FreeBSD.ORG> wrote: > On Sun, Jun 06, 2004, Stefan Eer wrote: > > Any reason, that there is a difference in semantics between: > > > > seteuid(id) vs. setreuid(-1, id) ??? > > > > The tests performed on the arguments are different (assuming a > > fixed arg of -1 for ruid) in that seteuid does not support the > > case of (euid == cr_uid): > > [...] > > Is the difference between seteuid() and setreuid() deliberate ? > > The best rationale I can think of is that setreuid(x, geteuid()) > does something useful, whereas seteuid(geteuid()) is a no-op. I > think the seteuid() behavior you complain about exists for purely > historical reasons. POSIX does not require seteuid(geteuid()) to > succeed, but it implicitly allows it as an extension. Solaris and > Linux have this extension. The trouble with tweaking the > interface is that you always have to ask: what new security holes > could this open up in existing software? Thanks for the reply. I'm afraid that there might be security risks and/or broken programs in the system. Problem is, that the current behaviour breaks programs in ports, that expect seteuid to behave the same as setreuid(-1,uid) does on FreeBSD. But this can be fixed in the individual ports ... > Hao Chen points out that the failure of seteuid(geteuid()) in > FreeBSD is one of many tricky issues with using the set*uid() > interface portably. In my (biased) opinion, his Setuid > Demystified paper, is well worth reading if you want to untangle > this stuff in your mind: > > http://www.usenix.org/events/sec02/full_papers/chen/chen.pdf Thank you for the pointer: Interesting reading ! Regards, STefan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040610112611.GA15304>