netbsd-users: Setreuid not working as specified in NetBSD 1.0/i386

Subject: Setreuid not working as specified in NetBSD 1.0/i386
To: None <netbsd-users@NetBSD.ORG>
From: Curt Sampson <curt@portal.ca>
List: netbsd-users
Date: 08/10/1995 18:38:10

I was getting an error with the stock uucp in my i386 1.0 system:

    $ uucp somefile somesite!~
    uucp: open (portal/D./D.0008): Permission denied

It turns out that the uucp system (Taylor UUCP 1.04) is configured
to use setreuid(geteuid(), getuid()) (more or less) to change the
euid to the user so it can open the user's file. It then uses
setreuid(geteuid(), getuid()) again to swap the real and effective
user IDs back again.

Unfortuately, it seems that setreuid() doesn't set the real user ID
as it's supposed to, or at least doesn't do it in a way that makes
getuid() return the correct value. I can swap the two IDs back if I
give it the original euid, but I don't get that original euid back from
getuid():

    $ cat ts.c
    /* test reversal of setreuid */

    #include <sys/types.h>
    #include <unistd.h>

    main()
    {
	printf("uid: %d euid: %d\n", getuid(), geteuid());
	printf("setreuid = %d\n", setreuid(geteuid(), getuid()));
	printf("uid: %d euid: %d\n", getuid(), geteuid());
	printf("setreuid = %d\n", setreuid(geteuid(), getuid()));
	printf("uid: %d euid: %d\n", getuid(), geteuid());
    }
    $ ls -l ts
    -rwsr-xr-x  1 uucp  staff  13974 Aug 10 18:16 ts
    $ ./ts
    uid: 1000 euid: 66
    setreuid = 0
    uid: 1000 euid: 1000
    setreuid = 0
    uid: 1000 euid: 1000

So, we go look for the function to see what's going on, and in
sys/kern/kern_prot.c find the function osetreuid() with the comment:

    /*
     * we assume that the intent of setting ruid is to be able to get
     * back ruid priviledge. So we make sure that we will be able to
     * do so, but do not actually set the ruid.
     */

This breaks what I would think would be a typical usage of setreuid()
as shown above. I find it hard to believe, though, that the UUCP in
NetBSD 1.0 was broken as shipped.

So, basically, I'm confused. Is this behaviour of NetBSD (not really
setting the real uid) acceptable (i.e., should programs like Taylor
uucp be saving the euid and resetting that, rather than relying on
getuid() to return the old euid after a swap)?

cjs
-- 
Curt Sampson    curt@portal.ca		Info at http://www.portal.ca/
Internet Portal Services, Inc.	
Vancouver, BC   (604) 257-9400		De gustibus, aut bene aut nihil.