Re: CVS commit: src/bin/sh

To: christos%astron.com@localhost (Christos Zoulas)
Subject: Re: CVS commit: src/bin/sh
From: Robert Elz <kre%munnari.OZ.AU@localhost>
Date: Tue, 26 Oct 2021 22:38:25 +0700

    Date:        Tue, 26 Oct 2021 15:07:23 -0000 (UTC)
    From:        christos%astron.com@localhost (Christos Zoulas)
    Message-ID:  <sl95jb$s7h$1%ciao.gmane.io@localhost>

  | No issetugid()?

No, because I'm not sure I understand that, nor that I believe:

   A process is tainted if [...] it has changed any of its real,
   effective or saved user or group ID's since it began execution.

nor how that would apply to sh.   Further:

   This system call exists so that library routines (e.g., libc)

where perhaps it might be useful (I really have no idea) but that's
not the situation of concern.

What matters is if a sh is run from a set[ug]id process (or stranger perhaps,
someone makes a copy of sh set[ug]id) that, at least until someone says
"this is safe now" it doesn't do anything too dangerous.   Just checking
the uid/gid against euid/egid seems adequate for that.

kre

References:
- Re: CVS commit: src/bin/sh
  - From: Christos Zoulas

Prev by Date: Re: CVS commit: src/bin/sh
Next by Date: Re: CVS commit: src
Previous by Thread: Re: CVS commit: src/bin/sh
Next by Thread: Re: CVS commit: src/bin/sh
Indexes:

Home | Main Index | Thread Index | Old Index