Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@NetBSD.ORG>
From: Alistair Crooks <AlistairCrooks@excite.com>
Date: 12/01/2000 01:26:14
[Mail sent only to you, no cc's or bcc's - agc]
I really think that there's been a whole lot of heat in this discussion, and
not a whole lot of light. I also think that all sides are so entrenched that
a reasonable outcome is unattainable.
I appreciate your enthusiasm, but please could you try and curb it, remember
the audience, and try to be a bit less scatter-gun in your approach on the
NetBSD technical lists?
On Thu, 30 Nov 2000 14:11:50 -0500 (EST), NetBSD Kernel Technical Discussion
> [ On Thursday, November 30, 2000 at 20:02:26 (+0900), Noriyuki Soda
> > Subject: Re: Addition to force open to open only regular files
> > But what I'm recommending is not removing setreuid(2) and setregid(2)
> > from libc and kernel (this cannot be done without changing libc major
> > but removing reference to setreuid(2) and setregid(2) from our
> > applications just like removing reference to gets(3).
> You can disable it in the kernel -- I've done that and replaced it with
> a log() call and so far haven't encountered any places where it's been
> used in the last week or so.
> > As Matt mentioned, NetBSD doesn't confirm to POSIX.1 about
> > program behaviour of setuid(2), and never will conform to POSIX.1 about
> > this due to the behaviour of NetBSD is more secure than POSIX.1.
> NetBSD is *not*, by design, more secure than POSIX.1. !!!!
> The fact that a setuid-non-root process can forever give up its
> privileges makes little, or no, difference in the end.
> Greg A. Woods
> +1 416 218-0098 VE3TCP <firstname.lastname@example.org> <robohack!woods>
> Planix, Inc. <email@example.com>; Secrets of the Weird <firstname.lastname@example.org>
Alistair Crooks (email@example.com)
Tired of slow Internet? Get @Home Broadband Internet