Re: 1.2.11 and 1.3.2+ breaks ps

Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
Tue, 18 Jul 1995 16:44:07 +0200 (MET DST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andreas Koppenhoefer: "Re: Running headless"
Previous message: Ian Jackson: "Re: 1.2.11 and 1.3.2+ breaks ps"
In reply to: Ian Jackson: "Re: 1.2.11 and 1.3.2+ breaks ps"

Ian Jackson:
> Marek Michalkiewicz writes ("1.2.11 and 1.3.2+ breaks ps"):
> > It is good that 1.2.11 fixes /proc security problems. But many people
> > don't like another change made in this version as well as in 1.3.2.
> > In previous versions (up to 1.2.10 and 1.3.1) ps always displayed the
> > effective uid of the process. Now it displays the real uid.
>
> There is a good reason for this change: it makes pidentd work
> correctly for rsh connections. Otherwise pidentd would always return
> `root'.
[...]
> It seems to me that the real fixes are one or both of:
> * Add an extra euid field to /proc/<nnn>/stat and let ps display it
> (optionally perhaps)
> * Change ftpd to use saved-setuid rather than setting its real uid
> to 0. For this we really need setresuid, which Linux doesn't have.

Thanks for explaining this. But, at least on SunOS and SCO, ps shows the
effective uid (tested by logging in via ftp to my account; assuming that
their ftpd works the same way as wu-ftpd on Linux). Maybe pidentd should
be changed to read the real uid (from the extra /proc/<nnn>/stat field)
instead?

SunOS and SCO don't seem to have setresuid (at least no man pages), I don't
have access to anything else. What systems have setresuid? I guess this
would not be very portable...

Marek

Next message: Andreas Koppenhoefer: "Re: Running headless"
Previous message: Ian Jackson: "Re: 1.2.11 and 1.3.2+ breaks ps"
In reply to: Ian Jackson: "Re: 1.2.11 and 1.3.2+ breaks ps"