Message336720
> Thanks for your explanation. In case of a privileged process, the behavior of setreuid/setregid/setgroups does seem well-defined. But setuid/setgid change all ids (real, effective, saved) too in this case. Do you prefer setreuid/setregid because they provide stricter semantics in non-privileged processes compared to setuid/setgid? (The latter ones change the effective id only, potentially preserving the process's ability to switch ids later).

Yes, exactly. The stricter semantics provide stronger security guarantees. The idea is to run code in an unprivileged context in a way that the code has no way to regain privileges.

| Date | User | Action | Args |
|---|---|---|---|
| 2019-02-26 23:04:20 | patrick.mclean | set | recipients: + patrick.mclean, gregory.p.smith, giampaolo.rodola, izbyshev |
| 2019-02-26 23:04:20 | patrick.mclean | set | messageid: <1551222260.33.0.459058878826.issue36046@roundup.psfhosted.org> |
| 2019-02-26 23:04:20 | patrick.mclean | link | issue36046 messages |
| 2019-02-26 23:04:20 | patrick.mclean | create | |
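
The privilege drop discussed in this message, as an added example that is not part of the original message or of CPython: it sets real, effective and saved IDs with setregid/setreuid, then checks that no old ID survives and that none can be regained. The names drop_privileges and fully_dropped are hypothetical, and Linux is assumed (os.getresuid/os.getresgid).

```python
import os


def fully_dropped(resuid, resgid, uid, gid):
    """True only if the real, effective and saved IDs all equal the target."""
    return tuple(resuid) == (uid,) * 3 and tuple(resgid) == (gid,) * 3


def drop_privileges(uid, gid, groups=()):
    """Switch to uid/gid for good; raise if any old ID can still be used."""
    # Remember every ID held before the drop so we can try to get it back.
    old_uids = set(os.getresuid()) - {uid}
    old_gids = set(os.getresgid()) - {gid}

    # Supplementary groups can only be replaced while still privileged,
    # and group IDs must be changed before the user ID is given up.
    if os.geteuid() == 0:
        os.setgroups(list(groups))
    # Passing a real ID (not -1) also overwrites the saved ID, even in an
    # unprivileged set-uid/set-gid process. setuid()/setgid() would change
    # only the effective ID there and leave the saved ID behind.
    os.setregid(gid, gid)
    os.setreuid(uid, uid)

    if not fully_dropped(os.getresuid(), os.getresgid(), uid, gid):
        raise RuntimeError("an old real/effective/saved ID survived the drop")

    # Negative check: every attempt to return to an old ID must be refused.
    for setter, old_ids in ((os.seteuid, old_uids), (os.setegid, old_gids)):
        for old in old_ids:
            try:
                setter(old)
            except PermissionError:
                continue
            raise RuntimeError(f"regained ID {old} after the drop")


if __name__ == "__main__":
    # Constructed state: what setuid(1000) leaves behind in an unprivileged
    # set-uid program that started as real=1000, effective=saved=2000.
    print(fully_dropped((1000, 1000, 2000), (1000, 1000, 1000), 1000, 1000))
    # The same program after setreuid(1000, 1000).
    print(fully_dropped((1000, 1000, 1000), (1000, 1000, 1000), 1000, 1000))
```

Call drop_privileges before running any untrusted code and treat an exception from it as fatal.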