Subject: Re: Addition to force open to open only regular files
To: None <email@example.com>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 11/30/2000 14:11:50
[ On Thursday, November 30, 2000 at 20:02:26 (+0900), Noriyuki Soda wrote: ]
> Subject: Re: Addition to force open to open only regular files
> But what I'm recommending is not removing setreuid(2) and setregid(2)
> from libc and kernel (this cannot be done without changing libc major number),
> but removing reference to setreuid(2) and setregid(2) from our
> applications just like removing reference to gets(3).
You can disable it in the kernel -- I've done that and replaced it with
a log() call and so far haven't encountered any places where it's been
used in the last week or so.
> As Matt mentioned, NetBSD doesn't conform to POSIX.1 about setuid-non-root
> program behaviour of setuid(2), and never will conform to POSIX.1 about
> this because the behaviour of NetBSD is more secure than POSIX.1.
NetBSD is *not*, by design, more secure than POSIX.1. !!!!
The fact that a setuid-non-root process can forever give up its
privileges makes little, or no, difference in the end.
Greg A. Woods
+1 416 218-0098 VE3TCP <email@example.com> <robohack!woods>
Planix, Inc. <firstname.lastname@example.org>; Secrets of the Weird <email@example.com>