Subject: Re: Addition to force open to open only regular files
To: Greg Hudson <ghudson@MIT.EDU>
From: Noriyuki Soda <email@example.com>
Date: 11/29/2000 21:00:34
>>>>> On Tue, 28 Nov 2000 01:20:12 -0500, Greg Hudson <ghudson@MIT.EDU> said:
ghudson> Even Chris Torek's suggestion that setuid programs should run with the
ghudson> real uid except at specific points doesn't really solve the problem.
ghudson> Say a setuid program needs to get and use Kerberos tickets as root
ghudson> (because it's fetching them from a keytab readable only by root).
ghudson> Using the Kerberos tickets as root involves doing hostname lookups as
ghudson> root. Doing hostname lookups as root bumps up against the HOSTALIASES
ghudson> (I'm not sure there is a satisfactory solution, other than deciding
ghudson> that library routines shouldn't reference environment variables. And
ghudson> that would conflict with history and--in some cases--standards, so it
ghudson> doesn't really work either.)
Why aren't you satisfied with the following pseudo code?
(If setreuid() is deprecated, the following code should work.)
euid = geteuid();
if (getuid() != euid)
fp = fopen($HOSTALIASES, "r");
if (geteuid() != euid)
Do you want to preserve setreuid()? If so, why?