[ovs-dev] [PATCH 06/21] daemon_switch_user: Improve portablility

Ben Pfaff blp at ovn.org
Tue Nov 10 19:27:05 UTC 2015


OK, great, somehow  I missed that.

On Tue, Nov 10, 2015 at 09:00:05AM -0800, Andy Zhou wrote:
> No. I have Acked the change.
> 
> On Mon, Nov 9, 2015 at 3:26 PM, Ben Pfaff <blp at ovn.org> wrote:
> > On Tue, Oct 20, 2015 at 12:09:46PM +0900, Takashi Yamamoto wrote:
> >> On Tue, Oct 20, 2015 at 7:14 AM, Andy Zhou <azhou at nicira.com> wrote:
> >> > I am going by the advice of paper " The Murky Issue of Changing
> >> > Process Identity: Revising “Setuid Demystified” "
> >> >
> >> > On page 7, it says:
> >> >
> >> > Specifically, all OSes that support getresuid (see Figure 3) also
> >> > support setresuid and setresgid. These offer the clearest and most
> >> > consistent semantics, and can be used by privileged and non-privileged
> >> > processes alike.
> >> >
> >> > According to the paper,  setuid() may or may not change saved uid, it
> >> > is OS dependent and may only change effective uid in cause current uid
> >> > is not
> >> > zero.
> >> >
> >> > Also according to the same paper in Figure 3, getresuid() is supported
> >> > by Linux, HPUX, FreeBSD and OpenBSD, it would be nice to let those OS
> >> > use this API. For NetBSD, we can resolve this by emulating the
> >> > getresuid() call.  Make sense?
> >>
> >> well, this fallback code is currently for FreeBSD and NetBSD,
> >> for which the semantics are consistent, right?
> >
> > Andy, any further comments on this?



More information about the dev mailing list