Subject: Re: setreuid "warning" severely bogus
To: None <current-users@sun-lamp.cs.berkeley.edu, roland@frob.com>
From: Chris G. Demetriou <cgd@alpha.bostic.com>
List: current-users
Date: 06/24/1994 02:45:15
>But setreuid
>works fine!  It is just deprecated, not dangerous!  It is severely,
>deeply, horrendously obnoxious for the library function to print to
>stderr!

i agree that it's ugly to do so.  however, i'm the person who
perpetrated the "crime," in this case, and i think i'll explain why:

The current version of setreuid(), which was beaten on so that
the setuid(), etc., calls conform to the POSIX_SAVED_IDS proposed
mod to POSIX's def'n for those functions, does _not_ work correctly.
I suggest you look at the code; it tries to, at best, fake out
one of the three or four common usages of setreuid().  The other cases
are simply _broken_ with the current setreuid, and could be a serious
security problem, depending on the code that uses them.


re: the changes to make ld print warnings:  does our LD currently
support that?  (I forget.)  If so, please send me the diffs ASAP,
as well as a description of what they do (EXACTLY), and how to use
them.




chris

------------------------------------------------------------------------------
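The message says setreuid() can appear to work while not doing what the caller meant. A caller-side check for that, as an added example (not code from this message or from NetBSD): the two usages shown, swapping ids and dropping them for good, are assumed common cases that the message does not enumerate, and the function names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose setreuid()/seteuid() on glibc */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed usage 1: swap real and effective uid to step out of a
 * set-uid identity for a while. Returns 0 only if the ids afterwards
 * are exactly the swap that was requested. */
int swap_ids_checked(void)
{
    uid_t ruid = getuid(), euid = geteuid();

    if (setreuid(euid, ruid) != 0)
        return -1;                  /* call refused */
    if (getuid() != euid || geteuid() != ruid)
        return -2;                  /* reported success, did not swap */
    return 0;
}

/* Assumed usage 2: give up the set-uid identity permanently. */
int drop_ids_checked(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();

    if (setreuid(ruid, ruid) != 0)
        return -1;
    if (getuid() != ruid || geteuid() != ruid)
        return -2;
    /* With saved ids the old effective uid may still be reachable.
     * For a non-root caller that had a different euid, taking it back
     * must fail; if it succeeds, the drop was not permanent. */
    if (ruid != 0 && old_euid != ruid && seteuid(old_euid) == 0)
        return -3;
    return 0;
}

int main(void)
{
    /* Swap out, swap back, then drop for good; report each result. */
    int out  = swap_ids_checked();
    int back = out == 0 ? swap_ids_checked() : -1;
    int drop = back == 0 ? drop_ids_checked() : -1;

    printf("swap=%d swap_back=%d drop=%d\n", out, back, drop);
    return (out || back || drop) ? 1 : 0;
}
```

Run from an ordinary account every check passes trivially because real and effective uid are equal; the checks only carry weight when the binary is installed set-uid, and a nonzero result there should be treated as fatal.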