Semantics of "seteuid(uid)" vs. "setreuid(-1,uid)"
StefanEßer
se at FreeBSD.org
Thu Jun 10 11:26:20 GMT 2004
On 2004-06-07 01:30 -0700, David Schultz <das at FreeBSD.ORG> wrote:
> On Sun, Jun 06, 2004, Stefan Eer wrote:
> > Any reason, that there is a difference in semantics between:
> >
> > seteuid(id) vs. setreuid(-1, id) ???
> >
> > The tests performed on the arguments are different (assuming a
> > fixed arg of -1 for ruid) in that seteuid does not support the
> > case of (euid == cr_uid):
> > [...]
> > Is the difference between seteuid() and setreuid() deliberate ?
>
> The best rationale I can think of is that setreuid(x, geteuid())
> does something useful, whereas seteuid(geteuid()) is a no-op. I
> think the seteuid() behavior you complain about exists for purely
> historical reasons. POSIX does not require seteuid(geteuid()) to
> succeed, but it implicitly allows it as an extension. Solaris and
> Linux have this extension. The trouble with tweaking the
> interface is that you always have to ask: what new security holes
> could this open up in existing software?
Thanks for the reply. I'm afraid that there might be security risks
and/or broken programs in the system. Problem is, that the current
behaviour breaks programs in ports, that expect seteuid to behave
the same as setreuid(-1,uid) does on FreeBSD. But this can be fixed
in the individual ports ...
> Hao Chen points out that the failure of seteuid(geteuid()) in
> FreeBSD is one of many tricky issues with using the set*uid()
> interface portably. In my (biased) opinion, his Setuid
> Demystified paper, is well worth reading if you want to untangle
> this stuff in your mind:
>
> http://www.usenix.org/events/sec02/full_papers/chen/chen.pdf
Thank you for the pointer: Interesting reading !
Regards, STefan
More information about the freebsd-hackers
mailing list