This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Error checking for SETXID (bug 13347)


On Thu, Mar 27, 2014 at 04:27:46PM +0100, Florian Weimer wrote:
> On 03/27/2014 04:21 PM, Rich Felker wrote:
> 
> >>We already support it through setfsuid/setfsgid, which is
> >>per-thread, not per-process.
> >
> >The whole reason you're changing uids is because you can't be sure
> >about what code you run;
> 
> Ah, no, you can also change credentials to impersonate a user and
> access resources with the privileges of that user.  A file server
> does this, for example.

That's what setfsuid is for. setuid is pretty much exclusively for
dropping privileges.

Rich


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]