Subject: re: Addition to force open to open only regular files
To: Matthew Orgass <darkstar@pgh.net>
From: matthew green <mrg@eterna.com.au>
List: tech-kern
Date: 11/24/2000 16:34:35

> setr*[ug]id() don't offer any useful semantics not achievable via
> other set*[ug]id() and make things difficult for those library routines
> which need to know original real id in order to be able to do exploitable
> things with id of user who runs the binary.

This is not true. In fact, setre[ug]id offers two features not
available otherwise: 1) root-started programs can pretend they were
started by another user and/or group, and 2) non-root programs can setuid
to the effective user id. #1 is valid, but #2 should have been done by
simply allowing setuid to the effective user id (so they are never
swapped) and not allowing non-root users to access setreuid.

#1 is incorrect so it doesn't count.
#2 is also incorrect so it doesn't count, either.

you should go understand how 4.4BSD setuid()/seteuid() works and see why
they removed the setr*id() calls completely! everything works and is
simple with the 4.4BSD calls...

.mrg.
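
The 4.4BSD calls named in this message, shown as an added example that is not part of the original mail or of NetBSD's code: seteuid() moves the effective uid between the real uid and the saved set-user-ID without swapping anything, and setuid() gives the privileged id up for good. The function names and the `euid_matches_ruid` callback are hypothetical, and only user ids are handled.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Run fn() with the effective uid set to the real uid, then restore the
 * effective uid the process had on entry. In a set-user-ID program the
 * restore is permitted because the entry euid is also the saved
 * set-user-ID. Returns fn()'s result, or -1 if a switch did not take effect.
 */
int run_as_real_user(int (*fn)(void))
{
    uid_t ruid = getuid();
    uid_t privileged = geteuid();
    int rc;

    if (seteuid(ruid) != 0 || geteuid() != ruid)
        return -1;
    rc = fn();
    if (seteuid(privileged) != 0 || geteuid() != privileged)
        return -1;
    return rc;
}

/*
 * Give up the privileged id permanently. After setuid(ruid) the old
 * effective uid must no longer be reachable; on systems where setuid()
 * from a non-root euid leaves the saved id in place, the seteuid() probe
 * succeeds and this function reports failure instead of pretending.
 */
int drop_permanently(void)
{
    uid_t ruid = getuid();
    uid_t privileged = geteuid();

    if (setuid(ruid) != 0)
        return -1;
    if (privileged != ruid && seteuid(privileged) == 0)
        return -1; /* privilege could still be regained */
    return (getuid() == ruid && geteuid() == ruid) ? 0 : -1;
}

/* Hypothetical stand-in for work done on behalf of the invoking user. */
int euid_matches_ruid(void) { return geteuid() == getuid(); }

int main(void)
{
    printf("temporary drop: %d\n", run_as_real_user(euid_matches_ruid));
    printf("permanent drop: %d\n", drop_permanently());
    return 0;
}
```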