Subject: Re: commoning up code that changes uids and gids
To: David Laight <david@l8s.co.uk>
From: Jaromir Dolecek <jdolecek@netbsd.org>
List: tech-kern
Date: 03/09/2003 18:29:54
Well, I don't want to be dense, but ...

1. I complained and you committed nevertheless
2. Did you get any review of the change by anyone?
3. Where are regression tests you used to confirm your changes don't
   change behaviour of the syscalls?

Also, you didn't address the issue I raised - that ruid
in sys_setreuid() is always set as 'p->p_cred->p_ruid ? -1 : euid;',
so the previous 'if (ruid == -1) ruid = p->p_cred->p_ruid;' has
no effect. Other routines might have similar issues.

It also seems new do_setres[ug]id() might return error in some
cases which it didn't before - at least it looked so when I scanned
setuid/setgid code changes before. Also, you didn't answer
if you made sure the Linux code indeed works as well as before.

I believe you should be 200% sure the code is right _before_
commit, and have regression tests for that. You change the
very foundations of unix security model, and any mistake
here means major compromise.

I'd say it would be appropriate to back your change off.

Jaromir

David Laight wrote:
> > Unless anyone objects I'll commit the change later in the week
> 
> done
> 
> 
> 	David
> 
> -- 
> David Laight: david@l8s.co.uk
> 


-- 
Jaromir Dolecek <jdolecek@NetBSD.org>            http://www.NetBSD.org/
-=- We should be mindful of the potential goal, but as the tantric    -=-
-=- Buddhist masters say, ``You may notice during meditation that you -=-
-=- sometimes levitate or glow.   Do not let this distract you.''     -=-
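
Added example, not part of the original message and not code from the NetBSD tree: a minimal user-space regression check of the kind the message asks for, run before and after a change to the uid-setting code. It covers the `-1` ("leave unchanged") arguments to setreuid() and one error path; the function names are hypothetical, only POSIX calls are used, and it assumes the test binary is not set-uid.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define KEEP_UID ((uid_t)-1) /* -1 argument: leave this id unchanged */

/* 0 if setreuid(r, e) succeeds and real/effective uid stay as they were. */
static int reuid_is_noop(uid_t r, uid_t e)
{
    uid_t ru = getuid(), eu = geteuid();
    if (setreuid(r, e) != 0)
        return -1;
    return (getuid() == ru && geteuid() == eu) ? 0 : -1;
}

/* Every mix of -1 and the current value must be accepted and change nothing. */
int check_noop_cases(void)
{
    uid_t ru = getuid(), eu = geteuid();
    if (reuid_is_noop(KEEP_UID, KEEP_UID) || reuid_is_noop(ru, KEEP_UID) ||
        reuid_is_noop(KEEP_UID, eu) || reuid_is_noop(ru, eu))
        return -1;
    return 0;
}

/* An unprivileged caller asking for a foreign euid must be refused and its
 * ids left intact. Returns 1 (skipped) when run as root. */
int check_denied_case(void)
{
    uid_t ru = getuid(), eu = geteuid(), other = ru + 1;
    if (eu == 0)
        return 1;
    while (other == eu || other == KEEP_UID || other == 0)
        other++; /* pick a uid that is neither ours, root, nor -1 */
    if (setreuid(KEEP_UID, other) == 0)
        return -1; /* regression: the change was permitted */
    return (getuid() == ru && geteuid() == eu) ? 0 : -1;
}

int main(void)
{
    printf("no-op cases: %d, denied case: %d\n",
           check_noop_cases(), check_denied_case());
    return 0;
}
```

A result of 0 means the case passed, 1 means it was skipped, and -1 means behaviour differs from what is expected.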