Re: Need help (building ncurses-4.2)

To: "Roland McGrath" <roland@frob.com>, "Santiago Vila" <sanvila@unex.es>
Cc: "Debian GNU/Hurd list" <debian-hurd@lists.debian.org>
Subject: Re: Need help (building ncurses-4.2)
From: "Jules Bean" <jmlb2@hermes.cam.ac.uk>
Date: Tue, 03 Nov 1998 17:54:36 +0000
Message-id: <[🔎] 1222280.3119104476@jmlb2.trin.cam.ac.uk>

--On Tue, Nov 3, 1998 12:38 pm -0500 "Roland McGrath" <roland@frob.com>
wrote: 

> 
> It would be simple to add the feature to the Hurd, but we will not do so
> unless we are convinced of its utility.
> 
>> So: Is setfsuig a "Linuxism"? Is there a replacement?
> 
> Yes, it is a Linux invention.

I can't tell you why ncurses uses them, but I can give you an example:

Nfsd uses them because it needs to write files as a particular non-root
user, for security reasons.  However, if it calls setuid, it exposes itself
to signals from that user - which is bad.  So it calls setfsuid to make its
file-system access limited without having to expose itself to a signal
attack.

I don't know the details of the signal attack - presumably someone devised a
race condition..

Jules

/----------------+-------------------------------+---------------------\
|  Jelibean aka  | jules@jellybean.co.uk         |  6 Evelyn Rd        |
|  Jules aka     | jules@debian.org              |  Richmond, Surrey   |
|  Julian Bean   | jmlb2@hermes.cam.ac.uk        |  TW9 2TF *UK*       |
+----------------+-------------------------------+---------------------+
|  Debian GNU/Linux - "Microsoft *does* have a year 2000 problem -     |
|                      and we're it!" (paraphrased from IRC)           |
\----------------------------------------------------------------------/

Reply to:

Prev by Date: Re: Need help (building ncurses-4.2)
Next by Date: Re: Need help (building ncurses-4.2)
Previous by thread: Re: Need help (building ncurses-4.2)
Next by thread: Re: Need help (building ncurses-4.2)
Index(es):
- Date
- Thread