From: Amon Ott <ao@rsbac.org>
Subject: Re: About setreuid() and setresuid()
Date: Thu, 29 Mar 2001 16:08:57 +0200
On Thu, 29 Mar 2001 Amon Ott wrote:
> On Thu, 29 Mar 2001 Stanislav Ievlev wrote:
> > It's not a bug, but not correct.
> >
> > System calls sys_setreuid(ruid,euid) and sys_setresuid(ruid,euid,suid)
> > allow to use "-1" for parameters (e.g. sys_setreuid(-1,euid)). Result
> > of this action - nothing to change. Many programs use this feature (e.g.
> > postfix, make).
> >
> > But RSBAC checks ruid in these calls without "-1" uid support. As a result
> > we have a lot of unnecessary checkings and "NOT GRANTED". It's also bad
> > for benchmark of RSBAC systems.
> >
> > I'm sending a patch for 2.4.2 kernel to make this checking more flexible.
>
> I just changed the sys_setre[s]{u|g}id behaviour:
> If real id is -1, effective id is used. Still, adf_set_attr is only called, if
> real id has changed.
>
> I will test how the system reacts, because this means checking for effective
> ids as well. I might change it again to ignore calls with real id -1, like you
> proposed.

Changed again. Now only changes to real uid get checked, like it had
effectively been before.

Amon.
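The "-1 means leave unchanged" rule discussed in this thread, as an added user-space example that is not RSBAC or kernel code and not part of the original message. The names `struct creds`, `apply_setresuid`, `naive_needs_check` and `ID_UNCHANGED` are hypothetical, and the kernel's own permission rules for these calls are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

#define ID_UNCHANGED ((uid_t)-1)   /* the "-1" argument: keep this id as it is */

struct creds { uid_t ruid, euid, suid; };

/* Model of a check without "-1" support, as described in the report:
 * the raw argument is compared as if it were a target uid, so
 * (uid_t)-1 looks like a request to change the real uid. */
static bool naive_needs_check(const struct creds *c, uid_t ruid)
{
    return ruid != c->ruid;
}

/* Model of the final behaviour described in the thread: apply
 * setresuid()-style arguments to *c and return true only when the
 * real uid actually changes, the one case that needs a decision. */
static bool apply_setresuid(struct creds *c, uid_t ruid, uid_t euid, uid_t suid)
{
    bool real_changes = (ruid != ID_UNCHANGED) && (ruid != c->ruid);

    if (ruid != ID_UNCHANGED) c->ruid = ruid;
    if (euid != ID_UNCHANGED) c->euid = euid;
    if (suid != ID_UNCHANGED) c->suid = suid;
    return real_changes;
}

int main(void)
{
    struct creds c = { 0, 0, 0 };   /* constructed sample: a root daemon */
    bool naive, checked;

    /* Temporary privilege drop: only the effective uid is touched. */
    naive = naive_needs_check(&c, ID_UNCHANGED);
    checked = apply_setresuid(&c, ID_UNCHANGED, 1000, ID_UNCHANGED);
    printf("setresuid(-1,1000,-1): naive=%d real-uid-check=%d\n", naive, checked);

    /* Permanent drop: the real uid changes, so a decision is needed. */
    checked = apply_setresuid(&c, 1000, 1000, 1000);
    printf("setresuid(1000,1000,1000): real-uid-check=%d\n", checked);
    return 0;
}
```
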