[2832] in Kerberos-V5-bugs
Re: krb5-libs/505: patch to make krb5 consistently use one set-effective-uid function
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Thu Dec 4 16:18:26 1997
Date: Thu, 4 Dec 1997 16:17:44 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Evan Champion <evanc@synapse.net>
Cc: krb5-bugs@MIT.EDU, gnats-admin@RT-11.MIT.EDU, krb5-prs@RT-11.MIT.EDU
In-Reply-To: Evan Champion's message of Thu, 4 Dec 1997 15:24:36 -0500 (EST),
<Pine.BSF.3.96.971204144612.738C-100000@cello.synapse.net>
Date: Thu, 4 Dec 1997 15:24:36 -0500 (EST)
From: Evan Champion <evanc@synapse.net>
Yes; setreuid() doesn't work on BSD/OS. In particular, you can use it to
switch to root, but from there you can't switch to any non-root user using
setreuid(). I noticed this in particular with ksu, but it may be a
problem elsewhere too. Once I forced seteuid() everywhere, everything
worked just peachy.
So the following doesn't work under BSD/OS?
setreuid(0, myid);
...
setreuid(myid, 0);
I find that highly ironic, since that's the original BSD 4.x approved
way to temporarily drop root privileges, and indeed it was BSD that
originally came up with the setreuid() interface in the first place.
And you're telling us that BSD/OS has gratuitously broken this? I'd
submit a bug report to BSDI.....
(And this is the last time I'm going to let a BSD bigot complain about
how Linux doesn't follow "the BSD API" ---- the BSD API is not defined
anywhere, and obviously means whatever the BSD folks want it to mean. :-)
- Ted
