Subject: Re: Addition to force open to open only regular files
To: None <tech-kern@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 11/30/2000 14:11:50
[ On Thursday, November 30, 2000 at 20:02:26 (+0900), Noriyuki Soda wrote: ]
> Subject: Re: Addition to force open to open only regular files
>
> But what I'm recommending is not removing setreuid(2) and setregid(2)
> from libc and kernel (this cannot be done without changing libc major number),
> but removing reference to setreuid(2) and setregid(2) from our
> applications just like removing reference to gets(3).

You can disable it in the kernel -- I've done that and replaced it with
a log() call and so far haven't encountered any places where it's been
used in the last week or so.

> As Matt mentioned, NetBSD doesn't conform to POSIX.1 about setuid-non-root
> program behaviour of setuid(2), and never will conform to POSIX.1 about
> this because the behaviour of NetBSD is more secure than POSIX.1.

NetBSD is *not*, by design, more secure than POSIX.1.  !!!!

The fact that a setuid-non-root process can forever give up its
privileges makes little, or no, difference in the end.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
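The disagreement above is about whether a non-root process that calls setuid(2) has given up its privileges for good (NetBSD semantics) or only until the next seteuid(2) (POSIX.1 semantics for non-root callers). Added example, not from the thread: a drop-privileges routine that does not trust either semantics but checks, after setuid(), that the old effective uid cannot be regained; the function name and result codes are this example's own.

```c
#include <sys/types.h>
#include <unistd.h>

/* Result codes for drop_privileges_permanently() (names chosen for this example). */
enum drop_result {
    DROP_NOOP = 0,        /* already running as target: nothing to give up */
    DROP_OK = 1,          /* dropped, and the old identity could not be regained */
    DROP_FAILED = -1,     /* setuid(2) itself failed */
    DROP_REVERSIBLE = -2  /* old euid came back: the drop was not permanent */
};

/*
 * Give up privilege with setuid(2) and verify the drop cannot be undone.
 * POSIX.1 lets a non-root process change only its effective uid here,
 * leaving the saved uid behind, so a later seteuid() could restore it;
 * NetBSD (and root on most systems) changes real, effective and saved
 * uid together.  Instead of relying on either behaviour, probe it.
 */
int drop_privileges_permanently(uid_t target)
{
    uid_t old_euid = geteuid();

    if (getuid() == target && old_euid == target)
        return DROP_NOOP;

    if (setuid(target) != 0)
        return DROP_FAILED;

    /* Both visible ids must now be the target. */
    if (getuid() != target || geteuid() != target)
        return DROP_REVERSIBLE;

    /* Try to regain the previous identity; a permanent drop makes this fail. */
    if (old_euid != target && seteuid(old_euid) == 0) {
        (void)seteuid(target);   /* undo the probe before reporting */
        return DROP_REVERSIBLE;
    }
    return DROP_OK;
}

int main(void)
{
    /* Running unprivileged, dropping to our own uid is a no-op (returns 0). */
    return drop_privileges_permanently(getuid()) == DROP_NOOP ? 0 : 1;
}
```

A daemon that starts as root and calls this with its service uid should refuse to continue on anything but DROP_OK.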