Subject: re: Addition to force open to open only regular files
To: None <tech-kern@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 11/15/2000 20:18:24
[ On Monday, November 13, 2000 at 21:18:24 (+1100), matthew green wrote: ]
> Subject: re: Addition to force open to open only regular files
>
> 	- setr*id() is easy to use safely, and has been used safely in programs
> 	for N years.

That's not true.  Many different mistakes (or rather unfounded
assumptions) in often unrelated subsystems have resulted in
vulnerabilities in the setr*id() mechanisms, particularly when superuser
privileges are involved.

Those mistakes *will* be made again in the future.

> 	- seteuid() based saved-id's are, from what i've seen, the best way
> 	to manage these privileges sanely.

Well, when the superuser is involved even then there are caveats.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
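As an added illustration of the saved-ID mechanism and the superuser caveat discussed in this thread (example code of my own, not from the thread or from NetBSD): a seteuid() drop keeps root in the saved set-user-ID and can be undone, whereas a program that must give up root for good calls setuid(), which with an effective ID of 0 sets all three IDs, and then verifies that seteuid(0) now fails. The function names are assumptions for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporary drop: the effective ID changes, but root stays in the
 * saved set-user-ID, so seteuid(0) can bring it back later.
 * Returns 0 on success, -1 on failure. */
int drop_privs_temporarily(uid_t unprivileged)
{
    if (seteuid(unprivileged) == -1)
        return -1;
    return (geteuid() == unprivileged) ? 0 : -1;
}

/* Regain the saved superuser privilege; fails with EPERM once it is gone. */
int regain_privs(void)
{
    return seteuid(0);
}

/* Permanent drop: with an effective ID of 0, setuid() sets the real,
 * effective and saved IDs together. The caveat from the thread is that a
 * seteuid()-only drop is reversible, so this function verifies that root
 * really cannot be regained before reporting success.
 * Returns 0 if the drop is verified irreversible, -1 otherwise. */
int drop_privs_permanently(uid_t unprivileged)
{
    if (setuid(unprivileged) == -1)
        return -1;
    if (getuid() != unprivileged || geteuid() != unprivileged)
        return -1;
    if (seteuid(0) == 0) {
        /* Still root-capable: undo the test elevation and report failure. */
        (void)seteuid(unprivileged);
        return -1;
    }
    return (errno == EPERM) ? 0 : -1;
}

int main(void)
{
    uid_t me = getuid();   /* run as an ordinary user to see the verified path */
    printf("uid %ld: %s\n", (long)me, drop_privs_permanently(me) == 0
           ? "privileges dropped and verified irreversible"
           : "still root-capable or drop failed");
    return 0;
}
```

Run as an ordinary user the permanent drop verifies cleanly; run as root with uid 0 as the target it reports "still root-capable", which is exactly the case the caveat is about.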