On 10 Sep 1999, Chris G. Demetriou wrote:

# Gandhi woulda smacked you <greywolf@starwolf.com> writes:
# > # I'd say that this inherited attribute -- as well as other attributes
# > # which should exist and be inherited, such as unaligned access handling
# > # -- should revert to their system-wide defaults upon set-id exec (and
# > # maybe anything that sets P_SUGID, but i'm less sure about that).
# > # 
# > # Obviously, these attributes don't exist yet, so code to reset them or
# > # otherwise properly handle them can't exist yet.  8-)
# > 
# > So you're thinking that login now has to change its uid, and exec
# > something that execs the user's login shell.  This means that a user's
# > login shell will not dump a core unless we jump through this hoop.
# 
# Uh, why do you say this?  i don't think it follows from anything i said...

Okay, maybe I'm confused.  I'll tell you where I went, and you tell me
where I got lost.

1.  login is a set-uid executable.  When it is run, P_SUGID will be set.
2.  login will then setuid from root to the user it has verified.  P_SUGID
    is set here.
3.  As I saw it stated, because a successful set-id has occurred in login
	(twice, but once is all it takes), when login execs the shell
	the shell will also have P_SUGID set.  Thus you have to exec
	something as the user, without setting ids, which will then
	execute the shell in order to clear P_SUGID.

...upon reflection, I got lost somewhere in #3 by assumption, I'm sure,
but that's how I read it.  Please correct me and show me what I misread.


# 
# 
# 
# cgd
# -- 
# Chris Demetriou - cgd@netbsd.org - http://www.netbsd.org/People/Pages/cgd.html
# Disclaimer: Not speaking for NetBSD, just expressing my own opinion.
# 


				--*greywolf;
--
Microsoft:
	"Just click on the START button and your journey to the Dark Side
	 will be complete!"