Re: About setreuid() and setresuid()


From: Amon Ott <ao@rsbac.org>
Subject: Re: About setreuid() and setresuid()
Date: Thu, 29 Mar 2001 16:08:57 +0200

Next Article (by Subject): About your ad in FAPIA.COM "Steve Power - PDE"
Previous Article (by Subject): Re: About setreuid() and setresuid() Amon Ott
Top of Thread: About setreuid() and setresuid() Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject]


On Don, 29 Mär 2001 Amon Ott wrote:
> On Don, 29 Mär 2001 Stanislav Ievlev wrote:
> > It's not a bug, but not correct.
> > 
> > System calls sys_setreuid(ruid,euid) and sys_setresuid(ruid,euid,suid) 
> > allow to use "-1" for parametres (e.g. sys_setreuid(-1,euid) ). Result 
> > of this action - nothing to change. Many programs use this feature (e.g. 
> > postfix, make).
> > 
> > But RSBAC check ruid in this calls without "-1" uid support. As a result 
> > we have a lot of unnecessary checkings and "NOT GRANTED" . It's also bad 
> > for benchmark of RSBAC systems.
> > 
> > I'm sending a patch for 2.4.2 kernel to make this checking more flexible.
> 
> I just changed the sys_setre[s]{u|g}id behaviour:
> If real id is -1, effective id is used. Still, adf_set_attr is only called, if
> real id has changed.
> 
> I will test how the system reacts, because this means checking for effective
> ids as well. I might change it again to ignore calls with real id -1, like you
> proposed.

Changed again. Now only changes to real uid get checked, like it had
effectively been before.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): About your ad in FAPIA.COM "Steve Power - PDE"
Previous Article (by Subject): Re: About setreuid() and setresuid() Amon Ott
Top of Thread: About setreuid() and setresuid() Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.