Re: Proposed change to setre[ug]id()

Stephen R. van den Berg (srb@cuci.nl)
Wed, 19 Jun 1996 00:18:30 +0200


"Theodore Y. Ts'o" <tytso@MIT.EDU> wrote:
> I would assert that if this change introduces security problems, then
> that means that you don't trust the code you wrote in the first
> place. That already is a bad assumption, so you shouldn't be using this
> untrustworthy program under suid/sgid privileges anyway.

>The problem is that there are programs written assuming old (BSD 4.3 for
>example) semantics. Most people don't realize whether or not a program
>was written for BSD 4.3 semantics, and system administrators will just
>blindly install the old application not realizing that it's unsafe for
>Linux.

I sympathise with your concerns, but fail to see where they become
reality.

>For example, if you have a program which assumes that:

> uid = getuid();
> setreuid(uid, uid);

>will drop all privileges (which is true in BSD 4.3) will no longer be
>true in your patches. In fact, there is currently a CERT advisory in

Even with my patches in, the program *will* drop all privileges as
soon as it execs. The only real danger I see would be if the
program would try and reset the uid back to the current saved uid *before*
it execs.

Now, normal programs wouldn't try to reset the uid back because the
programmer (assuming BSD 4.3 semantics) *knew* that this would not
make sense and would fail anyway.

The only case where this could become a real threat is if the program
would be executing some kind of interpreted language through which
the user could instruct the program to change uid back to its former
saved uid. Programs like this which initially run suid something
ought to be rare and should be easy to fix.

>preparation for a very popular program (probably present on all
>virtually all Linux installations) which is related to setuid/saved uid
>handling --- Linux wasn't affected because of our paranoid setreuid()
>implementation, but other OS's were affected because they made the same
>flawed assumption that you made.

Would this program, by any chance, fit the last category as I described?

-- 
Sincerely,                                                          srb@cuci.nl
           Stephen R. van den Berg (AKA BuGless).
Auto repair rates: basic labor $40/hour; if you wait, $60; if you watch, $80;
if you ask questions, $100; if you help, $120; if you laugh, $140.
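The exchange above hinges on whether `setreuid(uid, uid)` really leaves no way back to the saved uid. The program below is an added example, not part of this message or of either author's code, showing the check a defender would want: it drops privileges and then verifies through the process's real, effective and saved uid that all three equal the target, so an interpreter or plugin running later in the same process cannot restore the old effective uid. It assumes Linux with glibc, whose `getresuid()`/`setresuid()` extensions postdate this thread; the helper names are the example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1          /* exposes getresuid()/setresuid() on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Fallback prototypes in case the feature macro was evaluated too late;
 * they match the glibc declarations, so a duplicate declaration is harmless. */
extern int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
extern int setresuid(uid_t ruid, uid_t euid, uid_t suid);

/* Returns 1 if real, effective AND saved uid are all 'target', else 0.
 * This is what the 4.3BSD idiom silently assumes: under saved-uid
 * semantics, setreuid(uid, uid) may leave the saved uid where it was. */
int all_uids_are(uid_t target) {
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return 0;
    return r == target && e == target && s == target;
}

/* Irreversible drop: set all three uids in one call, then verify.
 * Returns 0 on success, -1 if the kernel refused or the check failed. */
int drop_privileges_to(uid_t target) {
    if (setresuid(target, target, target) != 0)
        return -1;
    return all_uids_are(target) ? 0 : -1;
}

/* The 4.3BSD idiom quoted in the thread, followed by the same verification,
 * so the caller learns whether the saved uid actually followed the others.
 * Returns 0 if every uid now equals 'target', -1 otherwise. */
int bsd_style_drop(uid_t target) {
    if (setreuid(target, target) != 0)
        return -1;
    return all_uids_are(target) ? 0 : -1;
}

int main(void) {
    uid_t me = getuid();
    uid_t r, e, s;

    if (getresuid(&r, &e, &s) == 0)
        printf("before: real=%u effective=%u saved=%u\n",
               (unsigned)r, (unsigned)e, (unsigned)s);

    if (drop_privileges_to(me) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("after: all three uids == %u: %s\n",
           (unsigned)me, all_uids_are(me) ? "yes" : "no");
    return 0;
}
```

Run unprivileged, all three uids already equal the real uid, so the drop is a no-op that verifies cleanly; the value of the code is in the setuid case, where `bsd_style_drop()` reports whether the saved uid really went away on the kernel at hand, instead of assuming it did.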