Re: BEWARE! Linux seteuid is broken!

Theodore Y. Ts'o (tytso@mit.edu)
Fri, 14 Jun 1996 16:50:52 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: DUPRE Christophe: "Re: 2.2.0 wishlist"
Previous message: Richard Henderson: "Re: Resource limit test in binfmt_elf"
In reply to: A.N.Kuznetsov: "BEWARE! Linux seteuid is broken!"
Next in thread: really kuznet@ms2.inr.ac.ru: "Re: BEWARE! Linux seteuid is broken!"

From: "A.N.Kuznetsov" <kuznet@ms2.inr.ac.ru>
Date: Tue, 11 Jun 1996 13:28:31 +0400 (MSD)

POSIX seteuid DOES NOT CHANGE saved uid.

As I see, seteuid syscall was deleted from kernel
because someone decided that it is equivalent to setreuid(-1, euid).

setreuid changes saved uid, when euid != uid.
It breaks POSIX compliant programs.

Huh? seteuid() was never implemented; it's not in 1.2.x.

seteuid() is also not a POSIX function; it's not defined in POSIX. So
if you use it, you must be using it because you're interested in BSD
compliance.

Keep in mind that the whole notion of "effective" uid is non-POSIX. So
trying to mix effective uid and saved-uid is invariably going to cause
problems. I deliberately had setreuid() set the saved-uid because this
would seem to avoid certain security problems. See the comments in
kernel/sys.c for my justification for doing this.

- Ted

Next message: DUPRE Christophe: "Re: 2.2.0 wishlist"
Previous message: Richard Henderson: "Re: Resource limit test in binfmt_elf"
In reply to: A.N.Kuznetsov: "BEWARE! Linux seteuid is broken!"
Next in thread: really kuznet@ms2.inr.ac.ru: "Re: BEWARE! Linux seteuid is broken!"