Subject: Re: Politically Correct way of doing password authentication?
To: Greg Earle <earle@isolar.Tujunga.CA.US>
From: Ken Hornstein <>
List: current-users
Date: 09/17/1994 02:48:32
>I needed a screen locker for my NetBSD/SPARC X11 R6 setup, so I pulled over my
>favorite multi-purpose "xlock" successor, "xlockmore" (xlockmore-1.12, for
>those of you playing along at home).  After getting around a couple of thorny
>porting problems, I got it working - except for the password authentication.
>Other than the canonical "login" program, what is the correct (PC or otherwise
>way to deal with this in NetBSD?  Leave it installed setuid root and punt?  Or
>figure out a "proper" way to bracket the password checking code with the
>appropriate uid-setting/unsetting calls?

I'd lean toward the latter; I definately would not want a program I hadn't
looked at pretty carefully to be setuid all the time.

>(Sorry, but trying to remember all of the semantics of how - and which - to us
> out of setreuid/setruid/setrgid/setuid/seteuid/setgid/setegid just gives me a
> headache ... (-: )

Chris D. send out a message a little while back that coverered it pretty good.
The gist is:

Use seteuid() to change the effective uid, use setuid() to set all three uid's
(real, effective, and saved) so you can't go back, and don't use setreuid()
at all.

So in xlockmore, I would do something like this:

seteuid(getuid());	<-- give away root

seteuid(0);		<-- become root
read password
seteuid(getuid());	<-- give away root

I don't know if xlockmore reads the password only once, or eeach time you
type it in.  It would be more secure if the last line was: