On Wed, 7 Jun 2000, Michal Kosek wrote:
> Hello,
> almost nobody answered to my mail once again. But I really want to know,
> if our patch is something you like, or not!
> And what about POSIX compliance? Do you think that it is good to modify
> the behaviour of setuid() as I did? Please look at the patch:
> ftp://ftp.v-lo.krakow.pl/pub/linux/patches/
>
> For these who don't have enough time to download it, I put here part of
> documentation, where it is mentioned how I modified setuid()...
>
> WHAT'S GOING ON WITH setuid(2) AND setgid(2)?
> This patch modifies the behaviour of these syscalls. Normal setuid(2)
> drops all his priviledges if it was called by root, but doesn't if it
> was called by normal user. Yes, it's because of POSIX.
> But now let's see at zgv. It is written as if it was suid-root. So it
> calls ioperm and then calls setuid to drop all his root priviledges.
> But now, if we make zgv suid to 'svga' user. Our uid is other than 0,
> so setuid won't change 'saved uid' and thus user will be able to setuid
> to 'svga' user back! Let's suppose we didn't turn 'access only to graphics
Bug in the app then, not the kernel. If POSIX saved uid's are likely to be
a pain, then it's the app's responsibility to use setreuid() instead of
setuid(). Likewise for setregid().
Cheers
Chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:28 EST