Date: Sat, 20 Jul 2002 13:15:11 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: Julian Elischer <julian@vicor.com> Cc: current@freebsd.org Subject: Re: [Fwd: FreeBSD/Linux kernel setgid implementation] Message-ID: <20020720131426.T15254-100000@gamplex.bde.org> In-Reply-To: <20020720130233.Y15254-100000@gamplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 19 Jul 2002, Julian Elischer wrote: > forwarded from bugtraq.. > Indeed, with their rigourous methodology, the authors did detect this error in the setgid linux manpage on Red Hat 7.2. I just wonder if they reported it (the manpage on www.linux.org is still inaccurate at the moment). > This paper also reports a real example of a program with the setgid flag only, that thinks it can drop all privileges by calling setgid(getgid()). It is OK on FreeBSD, but not on Linux... This point will have to be revisited son, since POSIX-1.2001 requires _POSIX_SAVED_IDS. I think the full brokenness of _POSIX_SAVED_IDS can be avoided using a suitably weaselish definition of "appropriate" privilege (give everyone that can do set[ug]id() appropriate privilege, so that doing it drops the extra saved [ug]id privilege). Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020720131426.T15254-100000>