Subject: Re: commoning up code that changes uids and gids
To: None <tech-kern@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-kern
Date: 03/04/2003 13:15:01
In article <20030304130245.G3346@snowdrop.l8s.co.uk>,
David Laight <david@l8s.co.uk> wrote:
>On Tue, Mar 04, 2003 at 04:20:07PM +1100, matthew green wrote:
>>
>> * Why not add setresuid() and setresgid() system calls?
>> Other systems (hp-ux, linux (?), etc) have them, and they
>> could be useful here too?
>> Maybe the "kernel style" / "standard" gurus have comments
>> on this one.
>>
>>
>> please don't add these unless you really really really really need to.
>
>I've misunderstood that as a vote against my do_setu/gid change :-(
Yes, the argument there was to providing native setre{s,g}uid(2),
calls which is not desired as others have pointed out. Providing
the do_setres{u,g}id() functions and implementing all the system
calls in terms of them, improves the security model and IMHO is
desirable from both a centralization point of view, and code size
reduction.
christos