[ On Wednesday, November 29, 2000 at 20:49:13 (+0900), Noriyuki Soda wrote: ]
> Subject: Re: Addition to force open to open only regular files 
>
> We don't have to re-writing the syscall interfaces.
> Because saved-id feature already provides the way to resolve
> the $HOSTALIASES problem, if setre{u,g}id(2) is deprecated.
> And because proposals in this thread (including half-open,
> open-only-normal-files, fsetuid, open_as) doesn't provide anything
> other than the features which saved-id already provides.

Well if you ignore the fact that at least some number of
buffer-overflow, printf-format, and similar types of exploits which
introduce new unauthorised code to a set-ID process would be cut off
before they get anywhere near being able to do anything privileged, then
yes, I suppose this is true....

However if you want to provide an os-level, designed, fix for buffer
overflow and such exploits without breaking the ability of a set-ID
programmer to access files as the original real user, then something
like open_as() is absolutely necessary because sete*id() and setre*id()
MUST be disabled in order to successfully implement such a fix.

> (The one who proposed open_as should think that his way of disabling
>  seteuid breaks some critical features like "su" command. That is
>  completely unacceptable, so the proposal should be avoided.)

What/who the heck are you talking about?

Su only uses setuid(), not seteuid() or setreuid().  I've never
seriously proposed changing setuid(2).

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>