Re: [RFC] getgroups2 system call

To: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Subject: Re: [RFC] getgroups2 system call
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Wed, 14 Dec 2011 09:19:23 -0500

On Wed, Dec 14, 2011 at 02:00:49PM +0000, Emmanuel Dreyfus wrote:
> On Wed, Dec 14, 2011 at 08:55:35AM -0500, Thor Lancelot Simon wrote:
> > So, um, whoever "considers" it that way -- they understand there are
> > security impliations to not doing it some other way?
> 
> Not quite. But BTW, what are the security implication? The only case
> I can think of is a thread doing a file operation while another one
> does a setgroups(2). Usual filesystem semantics require the operation 
> to be evaluated against older groups, but it maybe evaluated with newer
> ones.

I suspect the same condition is possible with nonblocking I/O.  But
the most obvious problem is that this can cause a program that tries
to drop privileges before doing a file operation to do so _after_ doing
the file operation.  There are probably several other similar issues.

Thor

References:
- Re: [RFC] getgroups2 system call
  - From: Thor Lancelot Simon
- Re: [RFC] getgroups2 system call
  - From: Emmanuel Dreyfus
- Re: [RFC] getgroups2 system call
  - From: Thor Lancelot Simon
- Re: [RFC] getgroups2 system call
  - From: Emmanuel Dreyfus

Prev by Date: Re: [RFC] getgroups2 system call
Next by Date: Re: Audio drivers- Difference between start_output and trigger_output.
Previous by Thread: Re: [RFC] getgroups2 system call
Next by Thread: Re: [RFC] getgroups2 system call
Indexes:

Home | Main Index | Thread Index | Old Index