 Relationships |
|
| Anonymous | Login | 2021-05-08 06:35 UTC |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||||||
| ID | Category | Severity | Type | Date Submitted | Last Update | |||||||
| 0001344 | [1003.1(2008)/Issue 7] System Interfaces | Editorial | Enhancement Request | 2020-05-20 10:34 | 2020-05-21 13:09 | |||||||
| Reporter | mkerrisk | View Status | public | |||||||||
| Assigned To | ajosey | |||||||||||
| Priority | normal | Resolution | Open | |||||||||
| Status | Under Review | |||||||||||
| Name | Michael Kerrisk | |||||||||||
| Organization | man7.org | |||||||||||
| User Reference | ||||||||||||
| Section | XSH | |||||||||||
| Page Number | n/a | |||||||||||
| Line Number | n/a | |||||||||||
| Interp Status | --- | |||||||||||
| Final Accepted Text | ||||||||||||
| Summary | 0001344: Addition of setresuid()/setresgid()/getresuid()/getresgid() | |||||||||||
| Description |
setresuid()/setresgid()/getresuid()/getresgid() are implemented on a number systems including at least Linux, FreeBSD, OpenBSD, and HP-UX. (Notably, they are not present on Solaris, so far as I know.) Adding these interfaces to POSIX would be valuable for a number of reasons: * The semantics of the existing APIs for modifying credentials are problematic. The semantics of setuid()/setgid() depend on whether the process is privileged, so that the API either changes just the effective ID, or all of real/effective and saved set IDs. The only POSIX-specified way to change saved set IDs is to use setreuid()/setregid(). But those APIs depend on a bizarre rule to determine whether or not the saved set ID is modified. These sorts of funny behaviors are invitations for programmers to make mistakes, and in this case such mistakes have obvious security implications. * By contrast with the former point, the semantics of the changes made by setresuid() and setresgid() are simple and transparent: one argument per credential, with "-1" being used to signify "no change". No semantics that vary according to whether the process is privileged and no funny rules. * getresuid()/getresgid() provide the only means of explicitly retrieving the save set-UID/GID. |
|||||||||||
| Desired Action |
1. Add specifications of setresuid()/setresgid()/getresuid()/getresgid() 2. Add SEE ALSO entries in relevant other pages (getuid(), geteuid(), setuid(), setreuid(), getgid(), getegid(), setgid(), setregid(), <unistd.h>) 3. Add prototypes to <unistd.h> 4. Add to "XSI_USER_GROUPS" in "E.1 Subprofiling Option Groups"(?) I will attempt 1; presumably 2, 3, 4 can be written up as boilerplate editing directions (which I can attempt, but may need some assistance). |
|||||||||||
| Tags | No tags attached. | |||||||||||
| Attached Files | ||||||||||||
|
|
||||||||||||
|
Relationships |
|
|
Notes |
|
|
(0004879) mkerrisk (reporter) 2020-05-21 13:09 |
On page 448 (<unistd.h> Declarations), after line 15419, insert
On page 448 (<unistd.h> Declarations), after line 15443, insert
On page 451 (<unistd.h> SEE ALSO) at lines 15579-15581, insert the following entries into the list in sorted order:
On page 1028 (getegid() SEE ALSO) at line 35033, insert the following entries into the list in sorted order:
On page 1032 (geteuid() SEE ALSO) at line 35171, insert the following entries into the list in sorted order:
On page 1033 (getgid() SEE ALSO) at line 35210, insert the following entries into the list in sorted order:
On page 1104 (getuid() SEE ALSO) at line 37410, insert the following entries into the list in sorted order:
On page 1890 (setegid() SEE ALSO) at line 61214, insert the following entries into the list in sorted order:
On page 1893 (seteuid() SEE ALSO) at line 61308, insert the following entries into the list in sorted order:
On page 1894 (setgid() SEE ALSO) at line 61345, insert the following entries into the list in sorted order:
On page 1917 (setregid() SEE ALSO) at line 61847, insert the following entries into the list in sorted order:
On page 1919 (setreuid() SEE ALSO) at line 61908, insert the following entries into the list in sorted order:
On page 1929 (setuid() SEE ALSO) at line 62155, insert the following entries into the list in sorted order:
(Depending on whether these APIs should be part of XSI_USER_GROUPS) On page 3794 (Subprofiling Option Groups) at lines 130234-130234, insert the following entries into the list in sorted order:
At page 1086, insert the specifications for getresuid() and getresgid():
At page 1918, insert the specifications for setresuid() and setresgid():
|
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2020-05-20 10:34 | mkerrisk | New Issue | |
| 2020-05-20 10:34 | mkerrisk | Status | New => Under Review |
| 2020-05-20 10:34 | mkerrisk | Assigned To | => ajosey |
| 2020-05-20 10:34 | mkerrisk | Name | => Michael Kerrisk |
| 2020-05-20 10:34 | mkerrisk | Organization | => man7.org |
| 2020-05-20 10:34 | mkerrisk | Section | => XSH |
| 2020-05-20 10:34 | mkerrisk | Page Number | => n/a |
| 2020-05-20 10:34 | mkerrisk | Line Number | => n/a |
| 2020-05-21 12:51 | mkerrisk | Note Added: 0004875 | |
| 2020-05-21 12:57 | mkerrisk | Note Added: 0004876 | |
| 2020-05-21 12:58 | mkerrisk | Note Deleted: 0004875 | |
| 2020-05-21 12:59 | mkerrisk | Note Deleted: 0004876 | |
| 2020-05-21 12:59 | mkerrisk | Note Added: 0004877 | |
| 2020-05-21 12:59 | mkerrisk | Note Deleted: 0004877 | |
| 2020-05-21 13:02 | mkerrisk | Note Added: 0004878 | |
| 2020-05-21 13:08 | mkerrisk | Note Deleted: 0004878 | |
| 2020-05-21 13:09 | mkerrisk | Note Added: 0004879 | |
| Mantis 1.1.6[^] Copyright © 2000 - 2008 Mantis Group |  |
