On 2004-06-07 01:30 -0700, David Schultz <[EMAIL PROTECTED]> wrote: > On Sun, Jun 06, 2004, Stefan Eer wrote: > > Any reason, that there is a difference in semantics between: > > > > seteuid(id) vs. setreuid(-1, id) ??? > > > > The tests performed on the arguments are different (assuming a > > fixed arg of -1 for ruid) in that seteuid does not support the > > case of (euid == cr_uid): > > [...] > > Is the difference between seteuid() and setreuid() deliberate ? > > The best rationale I can think of is that setreuid(x, geteuid()) > does something useful, whereas seteuid(geteuid()) is a no-op. I > think the seteuid() behavior you complain about exists for purely > historical reasons. POSIX does not require seteuid(geteuid()) to > succeed, but it implicitly allows it as an extension. Solaris and > Linux have this extension. The trouble with tweaking the > interface is that you always have to ask: what new security holes > could this open up in existing software?
Thanks for the reply. I'm afraid that there might be security risks and/or broken programs in the system. Problem is, that the current behaviour breaks programs in ports, that expect seteuid to behave the same as setreuid(-1,uid) does on FreeBSD. But this can be fixed in the individual ports ... > Hao Chen points out that the failure of seteuid(geteuid()) in > FreeBSD is one of many tricky issues with using the set*uid() > interface portably. In my (biased) opinion, his Setuid > Demystified paper, is well worth reading if you want to untangle > this stuff in your mind: > > http://www.usenix.org/events/sec02/full_papers/chen/chen.pdf Thank you for the pointer: Interesting reading ! Regards, STefan _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"