Anonymous | Login | 2024-12-12 13:11 UTC |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Simple Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Type | Date Submitted | Last Update | ||
0001344 | [1003.1(2016/18)/Issue7+TC2] System Interfaces | Editorial | Enhancement Request | 2020-05-20 10:34 | 2024-06-11 09:08 | ||
Reporter | mkerrisk | View Status | public | ||||
Assigned To | ajosey | ||||||
Priority | normal | Resolution | Accepted As Marked | ||||
Status | Closed | ||||||
Name | Michael Kerrisk | ||||||
Organization | man7.org | ||||||
User Reference | |||||||
Section | XSH | ||||||
Page Number | n/a | ||||||
Line Number | n/a | ||||||
Interp Status | --- | ||||||
Final Accepted Text | Note: 0006078 | ||||||
Summary | 0001344: Addition of setresuid()/setresgid()/getresuid()/getresgid() | ||||||
Description |
setresuid()/setresgid()/getresuid()/getresgid() are implemented on a number systems including at least Linux, FreeBSD, OpenBSD, and HP-UX. (Notably, they are not present on Solaris, so far as I know.) Adding these interfaces to POSIX would be valuable for a number of reasons: * The semantics of the existing APIs for modifying credentials are problematic. The semantics of setuid()/setgid() depend on whether the process is privileged, so that the API either changes just the effective ID, or all of real/effective and saved set IDs. The only POSIX-specified way to change saved set IDs is to use setreuid()/setregid(). But those APIs depend on a bizarre rule to determine whether or not the saved set ID is modified. These sorts of funny behaviors are invitations for programmers to make mistakes, and in this case such mistakes have obvious security implications. * By contrast with the former point, the semantics of the changes made by setresuid() and setresgid() are simple and transparent: one argument per credential, with "-1" being used to signify "no change". No semantics that vary according to whether the process is privileged and no funny rules. * getresuid()/getresgid() provide the only means of explicitly retrieving the save set-UID/GID. |
||||||
Desired Action |
1. Add specifications of setresuid()/setresgid()/getresuid()/getresgid() 2. Add SEE ALSO entries in relevant other pages (getuid(), geteuid(), setuid(), setreuid(), getgid(), getegid(), setgid(), setregid(), <unistd.h>) 3. Add prototypes to <unistd.h> 4. Add to "XSI_USER_GROUPS" in "E.1 Subprofiling Option Groups"(?) I will attempt 1; presumably 2, 3, 4 can be written up as boilerplate editing directions (which I can attempt, but may need some assistance). |
||||||
Tags | issue8 | ||||||
Attached Files | |||||||
|
Relationships | |||||||||||||
|
Notes | |
(0004879) mkerrisk (reporter) 2020-05-21 13:09 |
On page 448 (<unistd.h> Declarations), after line 15419, insert
On page 448 (<unistd.h> Declarations), after line 15443, insert
On page 451 (<unistd.h> SEE ALSO) at lines 15579-15581, insert the following entries into the list in sorted order:
On page 1028 (getegid() SEE ALSO) at line 35033, insert the following entries into the list in sorted order:
On page 1032 (geteuid() SEE ALSO) at line 35171, insert the following entries into the list in sorted order:
On page 1033 (getgid() SEE ALSO) at line 35210, insert the following entries into the list in sorted order:
On page 1104 (getuid() SEE ALSO) at line 37410, insert the following entries into the list in sorted order:
On page 1890 (setegid() SEE ALSO) at line 61214, insert the following entries into the list in sorted order:
On page 1893 (seteuid() SEE ALSO) at line 61308, insert the following entries into the list in sorted order:
On page 1894 (setgid() SEE ALSO) at line 61345, insert the following entries into the list in sorted order:
On page 1917 (setregid() SEE ALSO) at line 61847, insert the following entries into the list in sorted order:
On page 1919 (setreuid() SEE ALSO) at line 61908, insert the following entries into the list in sorted order:
On page 1929 (setuid() SEE ALSO) at line 62155, insert the following entries into the list in sorted order:
(Depending on whether these APIs should be part of XSI_USER_GROUPS) On page 3794 (Subprofiling Option Groups) at lines 130234-130234, insert the following entries into the list in sorted order:
At page 1086, insert the specifications for getresuid() and getresgid():
At page 1918, insert the specifications for setresuid() and setresgid():
|
(0005699) geoffclare (manager) 2022-02-22 10:15 edited on: 2022-02-24 16:16 |
This is an updated version of Note: 0004879 with XSI shading added, parameter names removed from header prototypes, and some minor wording and formatting changes. On page 448 (<unistd.h> Declarations), after line 15419, insert with XSI shading: int getresgid(gid_t *, gid_t *, gid_t *); int getresuid(uid_t *, uid_t *, uid_t *); On page 448 (<unistd.h> Declarations), after line 15443, insert with XSI shading: int setresgid(gid_t, gid_t, gid_t); int setresuid(uid_t, uid_t, uid_t); On page 451 (<unistd.h> SEE ALSO) at lines 15579-15581, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1028 (getegid() SEE ALSO) at line 35033, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1032 (geteuid() SEE ALSO) at line 35171, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1033 (getgid() SEE ALSO) at line 35210, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1104 (getuid() SEE ALSO) at line 37410, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1890 (setegid() SEE ALSO) at line 61214, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1893 (seteuid() SEE ALSO) at line 61308, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1894 (setgid() SEE ALSO) at line 61345, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1917 (setregid() SEE ALSO) at line 61847, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1919 (setreuid() SEE ALSO) at line 61908, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 1929 (setuid() SEE ALSO) at line 62155, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() On page 3794 (Subprofiling Option Groups) at lines 130234-130234, insert the following entries into the list in sorted order: getresgid(), getresuid(), setresgid(), setresuid() At page 1086, insert the specifications for getresuid() and getresgid():
At page 1918, insert the specifications for setresuid() and setresgid():
|
(0005922) geoffclare (manager) 2022-07-29 14:24 |
The getresgid(), getresuid(), setresgid(), and setresuid() additions have been made in the Issue8NewAPIs branch in gitlab, based on Note: 0005699 |
(0006078) geoffclare (manager) 2022-11-21 16:10 |
Make the changes from "Additional APIs for Issue 8, Part 2" (Austin/1273). |
Issue History | |||
Date Modified | Username | Field | Change |
2020-05-20 10:34 | mkerrisk | New Issue | |
2020-05-20 10:34 | mkerrisk | Status | New => Under Review |
2020-05-20 10:34 | mkerrisk | Assigned To | => ajosey |
2020-05-20 10:34 | mkerrisk | Name | => Michael Kerrisk |
2020-05-20 10:34 | mkerrisk | Organization | => man7.org |
2020-05-20 10:34 | mkerrisk | Section | => XSH |
2020-05-20 10:34 | mkerrisk | Page Number | => n/a |
2020-05-20 10:34 | mkerrisk | Line Number | => n/a |
2020-05-21 12:51 | mkerrisk | Note Added: 0004875 | |
2020-05-21 12:57 | mkerrisk | Note Added: 0004876 | |
2020-05-21 12:58 | mkerrisk | Note Deleted: 0004875 | |
2020-05-21 12:59 | mkerrisk | Note Deleted: 0004876 | |
2020-05-21 12:59 | mkerrisk | Note Added: 0004877 | |
2020-05-21 12:59 | mkerrisk | Note Deleted: 0004877 | |
2020-05-21 13:02 | mkerrisk | Note Added: 0004878 | |
2020-05-21 13:08 | mkerrisk | Note Deleted: 0004878 | |
2020-05-21 13:09 | mkerrisk | Note Added: 0004879 | |
2022-02-22 09:41 | geoffclare | Project | 1003.1(2008)/Issue 7 => 1003.1(2016/18)/Issue7+TC2 |
2022-02-22 10:15 | geoffclare | Note Added: 0005699 | |
2022-02-22 10:19 | geoffclare | Note Edited: 0005699 | |
2022-02-24 16:14 | geoffclare | Note Edited: 0005699 | |
2022-02-24 16:16 | geoffclare | Note Edited: 0005699 | |
2022-07-29 14:24 | geoffclare | Note Added: 0005922 | |
2022-11-21 16:10 | geoffclare | Note Added: 0006078 | |
2022-11-21 16:11 | geoffclare | Interp Status | => --- |
2022-11-21 16:11 | geoffclare | Final Accepted Text | => Note: 0006078 |
2022-11-21 16:11 | geoffclare | Status | Under Review => Resolved |
2022-11-21 16:11 | geoffclare | Resolution | Open => Accepted As Marked |
2022-11-21 16:12 | geoffclare | Tag Attached: issue8 | |
2022-11-24 10:07 | geoffclare | Status | Resolved => Applied |
2023-04-13 09:50 | geoffclare | Relationship added | related to 0001666 |
2023-04-13 09:55 | geoffclare | Relationship added | related to 0001667 |
2024-06-11 09:08 | agadmin | Status | Applied => Closed |
Mantis 1.1.6[^] Copyright © 2000 - 2008 Mantis Group |