| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Jul 2012 12:24:37 -0400 From: Theodore Ts'o <tytso@....edu> To: Adrián <adrianbn@...il.com> Cc: linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: Setreuid distinction about (uid_t)-1 On Tue, Jul 17, 2012 at 03:13:18PM +0100, Adrián wrote: > > Thanks a lot Athanasius. What I still can't see is why is the -1 > exception there, as I assume that if you want to leave one of the ids > unchaged you can call: > > setreuid(0,geteuid()); > > If you want to leave euid unchanged, right? Is there a need or reason > to be doing this differentiation in the setreuid code? Unix systems for multiple decades have done things this way, and it's ensrined in POSIX and the Single Unix Specification. Changing it would potentially open up security holes for programs which expect the standard-specificed behavior. (Note, BTW, that decades ago system calls weren't cheap, and CPU's were much slower, and that may have driven the historical behavior. Sometimes we get forget how spoiled we are that Linux's system call overhead is as low as it is...) - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists