Subject: Re: setreuid() and setregid()
To: Charles M. Hannum <mycroft@mit.edu>
From: Greg A. Woods <woods@kuma.web.net>
List: tech-kern
Date: 05/22/1996 11:59:05
[ On , May 21, 1996 at 23:16:10 (-0400), Charles M. Hannum wrote: ]
> Subject: setreuid() and setregid()

> I find it fairly bogus that we implement these functions incorrectly.
> I propose implementing them as specified in 4.3BSD, with three
> additional changes to enforce the 4.4BSD security model:

Your proposal seems OK, though I've not really drawn it out in detail so
I can see all the implications.  My ony concern with any such features
is that ideally it should not be possible for a process to go from root
to some other user, then regain root privs.  This breaks the Orange Book
C2 requirements.

-- 
							Greg A. Woods

+1 416 443-1734			VE3TCP			robohack!woods
Planix, Inc. <woods@planix.com>; Secrets Of The Weird <woods@weird.com>