From: Amon Ott <ao@rsbac.org>
Subject: Re: About setreuid() and setresuid()
Date: Thu, 29 Mar 2001 12:10:10 +0200
Next Article (by Author): Re: Feature request for 1.2 (or for 2.0) Amon Ott
Previous Article (by Author): Re: Re[2]: RSBAC v1.1.1 problem Amon Ott
Top of Thread: About setreuid() and setresuid() Stanislav Ievlev
Next in Thread: Re: About setreuid() and setresuid() Amon Ott
On Thu, 29 Mar 2001 Stanislav Ievlev wrote:
> It's not a bug, but not correct.
>
> System calls sys_setreuid(ruid,euid) and sys_setresuid(ruid,euid,suid)
> allow to use "-1" for parameters (e.g. sys_setreuid(-1,euid)). Result
> of this action - nothing to change. Many programs use this feature (e.g.
> postfix, make).
>
> But RSBAC checks ruid in these calls without "-1" uid support. As a result
> we have a lot of unnecessary checks and "NOT GRANTED". It's also bad
> for benchmark of RSBAC systems.
>
> I'm sending a patch for 2.4.2 kernel to make this checking more flexible.

I just changed the sys_setre[s]{u|g}id behaviour: If real id is -1, effective id
is used. Still, adf_set_attr is only called if real id has changed.

I will test how the system reacts, because this means checking for effective ids
as well. I might change it again to ignore calls with real id -1, like you
proposed.

Amon.
-
To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.
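
The three behaviours discussed in this message, side by side, as an added example that is not part of the original mail and is not RSBAC code. The policy names, struct decision and decide() are hypothetical, and the handling of a call where both ids are -1 is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

#define NO_CHANGE ((uid_t)-1)   /* the "-1" argument: leave this id alone */

/* Hypothetical names for the three behaviours discussed in the thread. */
enum policy { CHECK_RAW_RUID, SKIP_IF_RUID_UNSET, FALL_BACK_TO_EUID };

struct decision {
    bool  check;      /* is an access decision requested at all? */
    uid_t check_uid;  /* uid the decision is asked about */
    bool  set_attr;   /* is the attribute update made (real id changed)? */
};

struct decision decide(enum policy p, uid_t cur_ruid, uid_t ruid, uid_t euid)
{
    struct decision d = { false, NO_CHANGE, false };

    /* The real id changes only for an explicit, different value. */
    d.set_attr = (ruid != NO_CHANGE && ruid != cur_ruid);

    switch (p) {
    case CHECK_RAW_RUID:          /* behaviour reported as the problem */
        d.check = true;
        d.check_uid = ruid;       /* may be (uid_t)-1: the needless check */
        break;
    case SKIP_IF_RUID_UNSET:      /* behaviour proposed in the quoted mail */
        d.check = (ruid != NO_CHANGE);
        d.check_uid = ruid;
        break;
    case FALL_BACK_TO_EUID:       /* behaviour described in the reply */
        d.check_uid = (ruid != NO_CHANGE) ? ruid : euid;
        /* Assumption: with both ids -1 there is nothing to check. */
        d.check = (d.check_uid != NO_CHANGE);
        break;
    }
    return d;
}

int main(void)
{
    /* Constructed call: setreuid(-1, 89) from a process with real uid 0. */
    for (int p = CHECK_RAW_RUID; p <= FALL_BACK_TO_EUID; p++) {
        struct decision d = decide((enum policy)p, 0, NO_CHANGE, 89);
        printf("policy %d: check=%d uid=%ld set_attr=%d\n",
               p, d.check, (long)(int)d.check_uid, d.set_attr);
    }
    return 0;
}
```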