Subject: Re: setreuid "warning" severely bogus
To: None <current-users@sun-lamp.cs.berkeley.edu, roland@frob.com>
From: Chris G. Demetriou <cgd@alpha.bostic.com>
List: current-users
Date: 06/24/1994 02:45:15
>But setreuid
>works fine! It is just deprecated, not dangerous! It is severely,
>deeply, horrendously obnoxious for the library function to print to
>stderr!
i agree that it's ugly to do so. however, i'm the person who
perpetrated the "crime," in this case, and i think i'll explain why:
The current version of setreuid(), which was beaten on so that
the setuid(), etc., calls conform to the POSIX_SAVED_IDS proposed
mod to POSIX's def'n for those functions, does _not_ work correctly.
I suggest you look at the code; it tries to, at best, fake out
one of the three or four common usages of setreuid(). The other cases
are simply _broken_ with the current setreuid, and could be a serious
security problem, depending on the code that uses them.
re: the changes to make ld print warnings: does our LD currently
support that? (I forget.) If so, please send me the diffs ASAP,
as well as a description of what they do (EXACTLY), and how to use
them.
chris
------------------------------------------------------------------------------