[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dropping setuid/setgid privileges
From: |
Bruno Haible |
Subject: |
Re: dropping setuid/setgid privileges |
Date: |
Wed, 10 Jun 2009 00:51:44 +0200 |
User-agent: |
KMail/1.9.9 |
Sam Steingold wrote:
> so, you are _intentionally_ making your code useless to me because you
> _think_ it is not appropriate for me to use it.
> the net result is that I will be using a worse piece of code instead
> of your good code, and my users will be _less_ secure as a result of
> your grandstanding.
You are still confusing two separate issues.
1) Putting routines that drop setuid/setgid privileges into a library
is a recipe for provoking security vulnerabilities. This is true
regardless whether you use my code for doing this, or yours or
anyone else's, and regardless whether it uses abort() or not.
Please read the comments in idpriv.h again.
2) Whether the functions call abort() or return a particular error code,
is a matter of API design. I think the choice I made is right, because
it uses abort() exactly for the purpose for which it was designed.
(This is independent of the library vs. executable issue: many
libraries, including glibc, also use abort().)
You can locally replace the abort() calls by anything you like, using
gnulib-tool --local-dir [1][2].
Bruno
[1] http://www.gnu.org/software/hello/manual/gnulib/Openness.html
[2] http://lists.gnu.org/archive/html/bug-gnulib/2006-07/msg00319.html
- Re: dropping setuid/setgid privileges, (continued)
Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/08
- Re: dropping setuid/setgid privileges, Sam Steingold, 2009/06/08
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/08
- Re: dropping setuid/setgid privileges, Sam Steingold, 2009/06/08
- Re: dropping setuid/setgid privileges, James Youngman, 2009/06/09
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/09
- Re: dropping setuid/setgid privileges, Sam Steingold, 2009/06/09
- Re: dropping setuid/setgid privileges,
Bruno Haible <=