Re: About setreuid() and setresuid()


From: Amon Ott <ao@rsbac.org>
Subject: Re: About setreuid() and setresuid()
Date: Thu, 29 Mar 2001 12:10:10 +0200



On Thu, 29 Mar 2001 Stanislav Ievlev wrote:
> It's not a bug, but it is not correct.
> 
> System calls sys_setreuid(ruid,euid) and sys_setresuid(ruid,euid,suid) 
> allow "-1" to be used for parameters (e.g. sys_setreuid(-1,euid)). The 
> result of this action: nothing changes. Many programs use this feature 
> (e.g. postfix, make).
> 
> But RSBAC checks ruid in these calls without "-1" uid support. As a result 
> we have a lot of unnecessary checks and "NOT GRANTED". It's also bad 
> for benchmarks of RSBAC systems.
> 
> I'm sending a patch for the 2.4.2 kernel to make this check more flexible.

I just changed the sys_setre[s]{u|g}id behaviour:
If real id is -1, effective id is used. Still, adf_set_attr is only called if
real id has changed.

I will test how the system reacts, because this means checking for effective
ids as well. I might change it again to ignore calls with real id -1, like you
proposed.

Amon.
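
Added example, not RSBAC code and not part of either message: a small C model of the setreuid() "-1" semantics discussed in this thread, and of which uid a pre-call check would be handed under the three behaviours the messages mention. KEEP, hook_target and the mode names are hypothetical, and reading "effective id is used" as the euid argument is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

#define KEEP ((uid_t)-1)            /* "-1" argument: leave this id as it is */

struct ids { uid_t ruid, euid, suid; };
enum mode { NAIVE, SKIP_KEEP, USE_EFFECTIVE };   /* hypothetical names */

/* Ids after setreuid(ruid, euid) as Linux setreuid(2) documents them;
 * permission checks are left out of this model. */
static struct ids after_setreuid(struct ids cur, uid_t ruid, uid_t euid)
{
    struct ids n = cur;
    if (ruid != KEEP) n.ruid = ruid;
    if (euid != KEEP) n.euid = euid;
    if (ruid != KEEP || (euid != KEEP && euid != cur.ruid))
        n.suid = n.euid;            /* saved id follows the new effective id */
    return n;
}

/* Which uid would a pre-call hook hand to the policy? false means "no check". */
static bool hook_target(enum mode m, uid_t ruid, uid_t euid, uid_t *target)
{
    switch (m) {
    case NAIVE:                     /* ruid passed through, -1 included */
        *target = ruid;
        return true;
    case SKIP_KEEP:                 /* proposal: ignore calls with real id -1 */
        *target = ruid;
        return ruid != KEEP;
    case USE_EFFECTIVE:             /* reply: real id -1, effective id is used */
        *target = (ruid == KEEP) ? euid : ruid;
        return *target != KEEP;
    }
    return false;
}

int main(void)
{
    struct ids cur = { 1000, 1000, 1000 };        /* constructed sample ids */
    struct ids n = after_setreuid(cur, KEEP, 1000);
    const char *names[] = { "naive", "skip -1", "use effective" };
    printf("setreuid(-1, 1000): real id changed: %s\n", n.ruid != cur.ruid ? "yes" : "no");
    for (int m = NAIVE; m <= USE_EFFECTIVE; m++) {
        uid_t t = KEEP;
        bool ask = hook_target((enum mode)m, KEEP, 1000, &t);
        printf("%-14s check=%d target=%ld\n", names[m], ask, ask ? (long)t : -1L);
    }
    return 0;
}
```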