Re: [MiNT] Pgetauid/Psetauid
Hi,
On Fri, Nov 19, 1999 at 02:52:38PM +0100, Konrad M. Kokoszkiewicz wrote:
> Hi,
>
> > > Hum, perhaps for the same reason it calls Pseteuid()?
> >
> > It calls Pseteuid to change persona.
>
> Indeed. Perhaps we should change it though - i.e. remove the explicit auid
> calls (after they have been documented a year ago, grr) and add a line to
> Pseteuid() which would simultaneously set auid, silently failing on error.
> For reason see below.
And I would opt for fixing the obvious bug of the interface and then
forget about auid.
> > It would call Psetauid to set some
> > information that nobody wants to know about. ;-)
>
> I am Mr Nobody :-)
Nobody could simply remember the uid before changing persona.
> My understanding is that auid is for the following situation:
>
> - someone logs in as a user (euid -> 0)
?
The user #0 is commonly called the superuser...
> - then switches to superuser
>
> In this case auid, if inherited by new superuser shell, still holds the
> original user id (unless the person found a way to overwrite auid as
> well). And call me paranoic. :-) It would be (IMHO) more useful
> information than the id of a person who first managed to grab the keyboard
> after the system has started successfully.
If somebody has the privilege to become the super-user, why should child
processes know who she originally was? The su command logs every attempt
to change persona with before/after information. That should really be
enough. Otherwise we would have to discuss if Pgetauid should still be
allowed for ordinary users. The syslogd usually logs the same information
in a file that is not world-readable.
I have seen quite a few implementations of login, su and so on. Not a
single one ever used that auid. Thus, you cannot rely on Pgetauid and we
can just as well forget the concept.
Ciao
Guido
--
http://stud.uni-sb.de/~gufl0000/
mailto:gufl0000@stud.uni-sb.de