[2830] in Kerberos-V5-bugs
Re: krb5-libs/505: patch to make krb5 consistently use one set-effective-uid function
daemon@ATHENA.MIT.EDU (tytso@MIT.EDU)
Thu Dec 4 14:32:44 1997
Date: Thu, 4 Dec 1997 14:32:09 -0500
To: krb5-bugs@MIT.EDU, evanc@synapse.net
Cc: gnats-admin@RT-11.MIT.EDU, krb5-prs@RT-11.MIT.EDU
In-Reply-To: <199711230605.BAA22697@rt-11.MIT.EDU> (evanc@synapse.net)
From: tytso@MIT.EDU
Date: 23 Nov 1997 06:04:49 -0000
From: evanc@synapse.net
Of the 3 set-effective-uid choices, seteuid() is the only one
that is POSIX-approved, so I chose to implement everything
in terms of seteuid. From Kerberos' perspective, seteuid()
is completely sufficient in all cases.
Actually, no, seteuid() is not POSIX-approved. The only function which
is defined by POSIX is setuid().
Seteuid() is also not enough, for those platforms which don't implement
the POSIX saved-setuid functionality (which is OPTIONAL to implement).
For example, if you simply use seteuid() to temporarily drop root
privileges, and you're on a system which doesn't implement saved-setuid,
there's no way to get root privileges back.
Obviously, seteuid() is also not sufficent when you actually want to set
the real-userid.
What was there a specific problem you were trying to solve with these
patches?
- Ted
