[ovs-dev] [PATCH 06/21] daemon_switch_user: Improve portability

Takashi Yamamoto yamamoto at midokura.com
Mon Oct 19 06:48:33 UTC 2015


hi,

On Mon, Oct 19, 2015 at 3:14 PM, Andy Zhou <azhou at nicira.com> wrote:
> On Sun, Oct 18, 2015 at 9:28 PM, YAMAMOTO Takashi <yamamoto at midokura.com> wrote:
>> NetBSD doesn't have [gs]etres[ug]id.
>>
>> Signed-off-by: YAMAMOTO Takashi <yamamoto at midokura.com>
>> ---
>>  lib/daemon-unix.c | 40 ++++++++++++++++++----------------------
>>  1 file changed, 18 insertions(+), 22 deletions(-)
>>
> Thanks for testing on NetBSD.
>
> I am concerned that on platforms that support saved uid, would this patch
> leave that value unchanged, thus opening up a security risk?
>
> How about we add a stub version of [gs]etres[ug]id for the NetBSD
> platform that can safely ignore the saved uid/gid for that platform?

NetBSD has saved uid/gid.
saved ids are expected to be changed by set[ug]id.
http://pubs.opengroup.org/onlinepubs/9699919799/functions/setuid.html
http://man.netbsd.org/HEAD/usr/share/man/html2/setuid.html

I'm not sure what security risks you are concerned about.
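
Added example, not part of the original message or of the Open vSwitch patch: a switch that uses only setgid()/setuid(), then confirms the saved ids moved as well by checking that the previous effective ids can no longer be restored. This needs no [gs]etres[ug]id. The names switch_ids and check_switched are hypothetical, and supplementary groups are out of scope.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 0 if the real and effective ids equal the targets and
 * the previous effective ids can no longer be restored, -1 otherwise. */
static int
check_switched(uid_t uid, gid_t gid, uid_t old_euid, gid_t old_egid)
{
    if (getuid() != uid || geteuid() != uid
        || getgid() != gid || getegid() != gid) {
        return -1;
    }
    /* seteuid()/setegid() accept the saved id, so success here means the
     * saved id still holds the old value. Treat that as a failed switch. */
    if (old_egid != gid && setegid(old_egid) == 0) {
        return -1;
    }
    if (old_euid != uid && seteuid(old_euid) == 0) {
        return -1;
    }
    return 0;
}

/* Hypothetical helper: switch with setgid()/setuid() only, then verify.
 * Supplementary groups are not handled here. */
static int
switch_ids(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Group first: once the uid changes, setgid() may no longer be allowed. */
    if (setgid(gid) != 0 || setuid(uid) != 0) {
        return -1;
    }
    return check_switched(uid, gid, old_euid, old_egid);
}

int
main(void)
{
    /* Constructed demo input: the caller's own ids, so it runs unprivileged. */
    int rc = switch_ids(getuid(), getgid());
    printf("switch_ids: %s\n", rc == 0 ? "verified" : "failed");
    return rc == 0 ? 0 : 1;
}
```

A caller that gets -1 back should exit rather than continue, since the process ids may be in a partially switched state.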


