Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <firstname.lastname@example.org>
From: Olaf Seibert <email@example.com>
Date: 11/18/2000 14:51:24

On Fri 17 Nov 2000 at 20:55:58 -0500, Greg A. Woods wrote:
> My proposal for new getsuid(2) and getsgid(2) calls intended to retrieve
> the saved set-ID credentials is really only put forth to be pedantic.
> You can easily determine them if you want because they are equivalent
> to the effective-IDs when the process first starts. It's just a matter
> of squirrelling away user-land copies early on.
> However I'd rather be able to get these values directly from the
> kernel at any old time rather than have to keep track of them in
Exactly, because anything you store in userland is subject to buffer
overflows and such. Any argument to an open_as() function is subject to
attack. This would be an argument for *not* passing a uid to an
open_as() function, in addition to what you write later.
> In fact it may be possible to show that open_as(2) need not do anything
> but operate as if it were the real user, just as access(2) does -- i.e.
> that it does not need any parameters different than open(2).
___ Olaf 'Rhialto' Seibert - rhialto@polder -- Ah only did well at school
\X/ land.nl -- tae git intae an O level class tae git away fae Begbie.
Hi! I am a .signature virus. Copy me into your .signature to help me spread.
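
The idea discussed in this message, an open that takes the same parameters as open(2) and acts as the real user, sketched in userland as an added example (not code from the thread or from NetBSD). The name open_as_real() is hypothetical, and the sketch assumes the effective IDs on entry are also the saved set-IDs, so they can be restored afterwards.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical userland stand-in for the proposed open_as(2): same
 * parameters as open(2), and no uid argument that a corrupted userland
 * variable could influence. All IDs are asked from the kernel per call. */
int open_as_real(const char *path, int flags, mode_t mode)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();
    int fd, saved_errno;

    /* Drop the group first: once the effective uid is unprivileged,
     * changing the effective gid may no longer be permitted. */
    if (rgid != egid && setegid(rgid) == -1)
        return -1;
    if (ruid != euid && seteuid(ruid) == -1) {
        saved_errno = errno;
        if (rgid != egid && setegid(egid) == -1)
            abort();
        errno = saved_errno;
        return -1;
    }

    /* The kernel now checks permissions against the real IDs. */
    fd = open(path, flags, mode);
    saved_errno = errno;

    /* Restore in reverse order. This works because the saved set-IDs
     * still hold the original effective IDs (the assumption above).
     * If privileges cannot be restored the state is unknown: stop. */
    if (ruid != euid && seteuid(euid) == -1)
        abort();
    if (rgid != egid && setegid(egid) == -1)
        abort();

    errno = saved_errno;
    return fd;
}
```

The ID switch is process-wide and not atomic with the open, so this sketch is only suitable for single-threaded programs that do not run signal handlers depending on the effective IDs.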