Subject: Re: osetre{uid,gid} called by root return EPERM?
To: None <deraadt@sfa.ca>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: port-pmax
Date: 08/23/1994 00:37:44
Theo asks:
>did you test the latest kern_prot.c?
>here's a copy just in case you need one.
Yes. I tested the last version you e-mailed me Friday
night.
When I build a kernel with that kern_prot.c, I can't rsh to the
machine running a NetBSD kernel and the Ultrix rshd. With
the version I sent last week (the one that sets the effective
id) I can.
Looking at the comments in Theo's latest kern/kern_prot.c:
* N, N: call setuid(N). This is correct emulation.
* N, N: call setgid(N). This is correct emulation.
The assertion above, that set{uid,gid}(n) is correct emulation for
setre{uid,gid}(N, N), is simply NOT TRUE. Theo's code sets either
an effective or a real id, and never both. That's not correct
emulation.
I don't see why this point is so hard to get across.
Both Ultrix and SunOS 4.1.x set the real and effective id when
osetre{uid,gid} is called by a process running as superuser. I don't
see what the security problem is in emulating that behavior.
(Note the word "superuser" above.)
Ultrix, in addition, has an early (1988 vintage) version of POSIX
style saved uids. I think Ultrix sets those too, at least in the POSIX
emulation environment (see setsysinfo()). Similarly, the SunOS
manpage says that
* a root process can set both real and effective ids to any
legal (not -1) value
* Other processes can set the effective id to the real id,
or the real id to either effective or saved uid.
So I guess both have some kind of POSIX-like saved {u,g}ids.
Theo, why do you insist on setre{gid,uid} setting only either
{real,saved} id, or effective id, but never both?
------------------------------------------------------------------------------
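The rules this message attributes to the SunOS manpage, written out as a small C model. This is an added example, not part of the original message and not code from kern_prot.c. The names `struct ids`, `model_setreuid` and `KEEP` are hypothetical, and the saved-id update on a superuser call is an assumption, since the message only says "I think" Ultrix does that.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed model of one process's user ids; not kernel code. */
struct ids {
    uid_t ruid;  /* real */
    uid_t euid;  /* effective */
    uid_t svuid; /* saved */
};

#define KEEP ((uid_t)-1) /* a -1 argument leaves that id unchanged */

/*
 * Hypothetical model of setreuid(ruid, euid) under the rules quoted in the
 * message. Returns 0 or EPERM; on EPERM nothing is modified.
 * Assumption: a superuser call also sets the saved id to the new effective id.
 */
int model_setreuid(struct ids *p, uid_t ruid, uid_t euid)
{
    uid_t new_r = (ruid == KEEP) ? p->ruid : ruid;
    uid_t new_e = (euid == KEEP) ? p->euid : euid;

    if (p->euid == 0) {
        /* Superuser: real and effective both change in the same call. */
        p->ruid = new_r;
        p->euid = new_e;
        p->svuid = new_e;
        return 0;
    }
    /* Other processes: real may become the effective or the saved id. */
    if (new_r != p->ruid && new_r != p->euid && new_r != p->svuid)
        return EPERM;
    /* Other processes: effective may become the real id. */
    if (new_e != p->euid && new_e != p->ruid)
        return EPERM;
    p->ruid = new_r;
    p->euid = new_e;
    return 0;
}

int main(void)
{
    struct ids p = {0, 0, 0}; /* constructed: a daemon started as root */
    int rc = model_setreuid(&p, 1000, 1000);
    printf("rc=%d real=%u effective=%u saved=%u\n", rc,
           (unsigned)p.ruid, (unsigned)p.euid, (unsigned)p.svuid);
    return 0;
}
```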