Subject: Re: commoning up code that changes uids and gids
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: David Laight <david@l8s.co.uk>
List: tech-kern
Date: 03/09/2003 19:19:29
> Also, you didn't address the issue I raised - that ruid
> in sys_setreuid() is always set to as 'p->p_cred->p_ruid ? -1 : euid;',
> so the previous 'if (ruid == -1) ruid = p->p_cred->p_ruid;' has
> no effect. Other routines might have similar issues.

svuid = ruid == p->p_cred->p_ruid ? -1 : euid;

Is an assignment to svuid, not ruid.

> It also seems new do_setres[ug]id() might return error in some
> cases which it didn't before - at least it looked so when I scanned
> setuid/setgid code changes before.

Name a case.

> Also, you didn't answer
> if you made sure the Linux code indeed works as well as before.

The Linux code matches the old code, and also what Linux does
- namely that you can set any of the uid values to any of the others
without restriction.

> I believe you should be 200% sure the code is right _before_
> commit, and have regression tests for that. You change the
> very foundations of unix security model, and any mistake
> here means major compromise.

I've been running it locally for a long time.

> I'd say it would be appropriate to back your change off.

Various people who can read C better than you seem able to have checked it.

From a security point of view, problems are MUCH less likely
in the new code than in the old - since the changes that non-root
users can make are now absolutely transparent.


	David

-- 
David Laight: david@l8s.co.uk
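The following is an added model of the two rules argued over in this thread, written for this page and not taken from NetBSD's kern_prot.c: the saved uid in setreuid() is replaced by the new euid only when the real uid actually changes (the `svuid = ruid == p->p_cred->p_ruid ? -1 : euid;` line), and a non-root caller may move a uid only to a value it already holds. The `struct cred`, `do_setresuid()` and `sys_setreuid()` names and the EPERM-on-failure convention are assumptions of the model, not the kernel's signatures.

```c
#include <errno.h>
#include <sys/types.h>

/* Constructed model of a process credential (not NetBSD's struct pcred). */
struct cred {
    uid_t ruid;   /* real uid */
    uid_t euid;   /* effective uid */
    uid_t svuid;  /* saved set-user-id */
};

/* True if an unprivileged caller may adopt uid: -1 (unchanged) is always
 * fine, otherwise the caller must already hold that uid somewhere. */
static int
uid_permitted(const struct cred *cr, int uid)
{
    return uid == -1 || (uid_t)uid == cr->ruid || (uid_t)uid == cr->euid ||
        (uid_t)uid == cr->svuid;
}

/* Model of do_setresuid(): -1 leaves a field unchanged.  Root may set
 * anything; anyone else may only shuffle uids they already hold.  Returns 0
 * or EPERM, and leaves the credential untouched on failure. */
int
do_setresuid(struct cred *cr, int ruid, int euid, int svuid)
{
    if (cr->euid != 0 &&
        !(uid_permitted(cr, ruid) && uid_permitted(cr, euid) &&
          uid_permitted(cr, svuid)))
        return EPERM;
    if (ruid != -1)
        cr->ruid = (uid_t)ruid;
    if (euid != -1)
        cr->euid = (uid_t)euid;
    if (svuid != -1)
        cr->svuid = (uid_t)svuid;
    return 0;
}

/* Model of sys_setreuid() using the rule quoted in the thread: the saved
 * uid becomes the new euid only when the real uid is actually changed,
 * so a setuid-root program that merely drops euid keeps its saved 0. */
int
sys_setreuid(struct cred *cr, int ruid, int euid)
{
    int svuid;

    if (ruid == -1)
        ruid = (int)cr->ruid;
    svuid = (uid_t)ruid == cr->ruid ? -1 : euid;
    return do_setresuid(cr, ruid, euid, svuid);
}
```

Running the model over a plain user credential and a setuid-root one shows the two behaviours the thread cares about: the unprivileged caller is refused, and the saved uid only moves when the real uid does.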