[Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Sep 26 01:06:10 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=715





------- Additional Comments From Robert.Dahlem at siemens.com  2003-09-26 01:06 -------
The proposed check would not require root privileges, it would just sacrifice
setreuid() when lacking root privileges. I didn't see the advantage of
setreuid() over setuid() anyway, but that's just me lacking the knowledge. Maybe
someone can explain this to me off-bugzilla.

I agree with your statement about who should fix OS bugs. But: we live in the real
world with real buggy OSs and real constraints concerning budgets for new
hardware. New OS versions tend to require more/bigger hardware, old OS versions
tend to be no longer under vendor maintenance. Complaining to the vendor is not
always an option.

What OpenSSH does at the moment is knowingly running into a bug multiple OSs
have (in this case we know at least about IRIX, Tru64, Mac OS X and ReliantUnix)
and leaving non-C-capable admins only the choice between vulnerable OpenSSH
(3.6.1) or mal-/non-functioning OpenSSH (sshd simply disconnecting non-root users).

I think the principle of least surprise should apply here, which means: if you
know it might be broken, then don't use it unless you have proof it is not broken.







More information about the openssh-bugs mailing list