Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Jaromír Dolecek <dolecek@ibis.cz>
List: tech-kern
Date: 11/16/2000 09:06:49
Greg A. Woods wrote:
> This is a good thing.  Allowing a process that has run as an ordinary
> user to (re)gain superuser privileges is extremely dangerous and opens
> the system to many different kinds of possible vulnerabilities.  There
> have been several exploits available in the past to systems which have
> made this mistake and I have no doubt that there will be more in the
> future.  (Solaris-2.3 and its related brethren are one example)

I think it's not about being able to seteuid() back to root
after setuid().
It's more about being able to switch the effective id arbitrarily, without
affecting the real id. After a call to setuid(), the passed id gets
used as the real id and the effective id is dropped, so it's no longer possible
to switch between the original real id and the original effective id.

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>      http://www.ics.muni.cz/~dolecek/
@@@@  Wanna a real operating system ? Go and get NetBSD, damn!  @@@@
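As an added illustration (not part of the original thread), here is a small C model of the BSD credential triple (real uid, effective uid, saved set-uid) showing why a set-uid-root process that called setuid() cannot regain its original effective id, while one that called seteuid() can. The permission checks are a simplified assumption in the style of 4.4BSD and the model does not call the real system calls; actual kernels differ in details.

```c
/* Constructed model of the BSD credential triple, for illustration only. */
typedef struct {
    unsigned ruid;   /* real user id */
    unsigned euid;   /* effective user id */
    unsigned svuid;  /* saved set-user-id */
} cred_t;

/* setuid(2) as discussed in the thread: when permitted, ALL three ids are
 * set to uid, so the original effective id is gone for good.  Assumed
 * rule: permitted when uid equals the real uid or the caller is root.
 * Returns 0 on success, -1 for EPERM. */
int model_setuid(cred_t *c, unsigned uid)
{
    if (uid != c->ruid && c->euid != 0)
        return -1;
    c->ruid = c->euid = c->svuid = uid;
    return 0;
}

/* seteuid(2): only the effective id changes; real and saved ids are kept,
 * so the process can later switch back.  Assumed rule: permitted when uid
 * equals the real or saved id, or the caller is root. */
int model_seteuid(cred_t *c, unsigned uid)
{
    if (uid != c->ruid && uid != c->svuid && c->euid != 0)
        return -1;
    c->euid = uid;
    return 0;
}

/* A set-uid-root program started by uid 1000 that drops privilege with
 * seteuid() can regain root.  Returns 1 if regaining root succeeded. */
int regain_after_seteuid(void)
{
    cred_t c = { 1000, 0, 0 };
    model_seteuid(&c, 1000);            /* now {1000, 1000, 0} */
    return model_seteuid(&c, 0) == 0;   /* 0 == svuid, so allowed */
}

/* The same program dropping with setuid() cannot: every id is now 1000,
 * so there is nothing left to switch back to.  Returns 0 (EPERM). */
int regain_after_setuid(void)
{
    cred_t c = { 1000, 0, 0 };
    model_setuid(&c, 1000);             /* now {1000, 1000, 1000} */
    return model_seteuid(&c, 0) == 0;   /* denied */
}
```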