Debian Bug report logs - #9136
man page patches

Display info messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Richard Kettlewell <richard@greenend.org.uk>

To: submit@bugs.debian.org

Subject: man page patches

Date: Sun, 27 Apr 97 16:05:20 +0100 (BST)

Package: manpages
Version: 1.15-1 

I suggest applying the following patch to setgid.2 and setuid.2.  The
existing setgid.2 manpage is largely bogus, being apparently no more
than a seach-and-replace on the setuid.2 manpage.  The setuid.2
manpage is much better and just needs a couple of additions to
document more recent Linux features.

ttfn/rjk

diff -ruN orig/setgid.2 new/setgid.2
--- orig/setgid.2	Sun Apr 27 16:01:42 1997
+++ new/setgid.2	Sun Apr 27 15:54:48 1997
@@ -1,4 +1,5 @@
 .\" Copyright (C), 1994, Graeme W. Wilford. (Wilf.)
+.\" Portions Copyright (C) 1997 Richard Kettlewell
 .\"
 .\" Permission is granted to make and distribute verbatim copies of this
 .\" manual provided the copyright notice and this permission notice are
@@ -22,8 +23,9 @@
 .\"
 .\" Fri Jul 29th 12:56:44 BST 1994  Wilf. <G.Wilford@ee.surrey.ac.uk> 
 .\" Modified Fri Jan 31 17:06:56 1997 by Eric S. Raymond <esr@thyrsus.com>
+.\" Modified Sun Apr 27 1997 by Richard Kettlewell <richard@greenend.org.uk>
 .\"
-.TH SETGID 2 "29 July 1994" "Linux 1.1.36" "Linux Programmer's Manual"
+.TH SETGID 2 "27 April 1997" "Linux 2.0.29" "Linux Programmer's Manual"
 .SH NAME
 setgid \- set group identity
 .SH SYNOPSIS
@@ -31,32 +33,24 @@
 .sp
 .BI "int setgid(gid_t " gid )
 .SH DESCRIPTION
+If the effective uid of the caller is not root,
 .B setgid
-sets the effective group ID of the current process. If the caller is the
-superuser, the real and saved group ID's are also set.
-
-Under Linux, 
-.B setgid
-is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
-This allows a setgid (other than root) program to drop all of its group
-privileges, do some un-privileged work, and then re-engage the original
-effective group ID in a secure manner.
-
-If the user is root or the program is setgid root, special care must be
-taken. The 
-.B setgid
-function checks the effective gid of the caller and if it is the superuser,
-all process related group ID's are set to
-.IR gid . 
-After this has occurred, it is impossible for the program to regain root
-privileges.             
-
-Thus, a setgid-root program wishing to temporarily drop root
-privileges, assume the identity of a non-root group, and then regain
-root privileges afterwards cannot use 
-.BR setgid .
-You can accomplish this with the (non-POSIX, BSD) call
-.BR setegid .
+sets the effective and filesystem group IDs of the current process to
+.IR gid .
+If the effective uid is root, then the real and saved group ID's are
+also set.
+.PP
+By using the saved ID feature, an setgid process may switch between
+the privileged and unprivileged groups safely.
+.PP
+The caller must either have an effect uid of root, or
+.I gid
+must be equal to either the current or saved gid.
+.PP
+If
+.I gid
+is different to the old effective gid, the process will
+be marked as not dumpable.
 .SH "RETURN VALUE"
 On success, zero is returned.  On error, \-1 is returned, and
 .I errno
diff -ruN orig/setuid.2 new/setuid.2
--- orig/setuid.2	Sun Apr 27 15:54:35 1997
+++ new/setuid.2	Sun Apr 27 16:04:16 1997
@@ -1,4 +1,5 @@
 .\" Copyright (C), 1994, Graeme W. Wilford. (Wilf.)
+.\" Portions Copyright (C) 1997 Richard Kettlewell
 .\"
 .\" Permission is granted to make and distribute verbatim copies of this
 .\" manual provided the copyright notice and this permission notice are
@@ -21,8 +22,9 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\"
 .\" Fri Jul 29th 12:56:44 BST 1994  Wilf. <G.Wilford@ee.surrey.ac.uk> 
+.\" Modified Sun Apr 27 1997 by Richard Kettlewell <richard@greenend.org.uk>
 .\"
-.TH SETUID 2 "29 July 1994" "Linux 1.1.36" "Linux Programmer's Manual"
+.TH SETUID 2 "27 April 1997" "Linux 2.0.29" "Linux Programmer's Manual"
 .SH NAME
 setuid \- set user identity
 .SH SYNOPSIS
@@ -31,16 +33,17 @@
 .BI "int setuid(uid_t " uid )
 .SH DESCRIPTION
 .B setuid
-sets the effective user ID of the current process. If the caller is the
-superuser, the real and saved user ID's are also set.
-
+sets the effective user ID and filesystem user ID of the current
+process. If the effective userid of the caller is root, the real and
+saved user ID's are also set.
+.PP
 Under Linux, 
 .B setuid
 is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
 This allows a setuid (other than root) program to drop all of its user
 privileges, do some un-privileged work, and then re-engage the original
 effective user ID in a secure manner.
-
+.PP
 If the user is root or the program is setuid root, special care must be
 taken. The 
 .B setuid
@@ -49,13 +52,18 @@
 .IR uid . 
 After this has occurred, it is impossible for the program to regain root
 privileges.
-
+.PP
 Thus, a setuid-root program wishing to temporarily drop root
 privileges, assume the identity of a non-root user, and then regain
 root privileges afterwards cannot use 
 .BR setuid .
 You can accomplish this with the (non-POSIX, BSD) call
 .BR seteuid .
+.PP
+If
+.I uid
+is different to the old effective uid, the process will
+be marked as not dumpable.
 .SH "RETURN VALUE"
 On success, zero is returned.  On error, \-1 is returned, and
 .I errno

Message #8 received at 9136-forwarded@bugs.debian.org (full text, mbox, reply):

From: Nicolás Lichtmaier <nick@Feedback.com.ar>

To: Andries Brouwer <aeb@cwi.nl>

Cc: 9136-forwarded@bugs.debian.org

Subject: man page patches (fwd)

Date: Sun, 15 Jun 1997 23:09:34 -0300 (ART)

 These patches were suggested through the Debian bug system. Please keep
the CC if you reply to this message.

-- 
Nicolás Lichtmaier.-

---------- Forwarded message ----------
Date: Sun, 27 Apr 97 16:05:20 +0100 (BST)
From: Richard Kettlewell <richard@greenend.org.uk>
To: submit@bugs.debian.org
Subject: Bug#9136: man page patches

Package: manpages
Version: 1.15-1 

I suggest applying the following patch to setgid.2 and setuid.2.  The
existing setgid.2 manpage is largely bogus, being apparently no more
than a seach-and-replace on the setuid.2 manpage.  The setuid.2
manpage is much better and just needs a couple of additions to
document more recent Linux features.

ttfn/rjk

diff -ruN orig/setgid.2 new/setgid.2
--- orig/setgid.2	Sun Apr 27 16:01:42 1997
+++ new/setgid.2	Sun Apr 27 15:54:48 1997
@@ -1,4 +1,5 @@
 .\" Copyright (C), 1994, Graeme W. Wilford. (Wilf.)
+.\" Portions Copyright (C) 1997 Richard Kettlewell
 .\"
 .\" Permission is granted to make and distribute verbatim copies of this
 .\" manual provided the copyright notice and this permission notice are
@@ -22,8 +23,9 @@
 .\"
 .\" Fri Jul 29th 12:56:44 BST 1994  Wilf. <G.Wilford@ee.surrey.ac.uk> 
 .\" Modified Fri Jan 31 17:06:56 1997 by Eric S. Raymond <esr@thyrsus.com>
+.\" Modified Sun Apr 27 1997 by Richard Kettlewell <richard@greenend.org.uk>
 .\"
-.TH SETGID 2 "29 July 1994" "Linux 1.1.36" "Linux Programmer's Manual"
+.TH SETGID 2 "27 April 1997" "Linux 2.0.29" "Linux Programmer's Manual"
 .SH NAME
 setgid \- set group identity
 .SH SYNOPSIS
@@ -31,32 +33,24 @@
 .sp
 .BI "int setgid(gid_t " gid )
 .SH DESCRIPTION
+If the effective uid of the caller is not root,
 .B setgid
-sets the effective group ID of the current process. If the caller is the
-superuser, the real and saved group ID's are also set.
-
-Under Linux, 
-.B setgid
-is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
-This allows a setgid (other than root) program to drop all of its group
-privileges, do some un-privileged work, and then re-engage the original
-effective group ID in a secure manner.
-
-If the user is root or the program is setgid root, special care must be
-taken. The 
-.B setgid
-function checks the effective gid of the caller and if it is the superuser,
-all process related group ID's are set to
-.IR gid . 
-After this has occurred, it is impossible for the program to regain root
-privileges.             
-
-Thus, a setgid-root program wishing to temporarily drop root
-privileges, assume the identity of a non-root group, and then regain
-root privileges afterwards cannot use 
-.BR setgid .
-You can accomplish this with the (non-POSIX, BSD) call
-.BR setegid .
+sets the effective and filesystem group IDs of the current process to
+.IR gid .
+If the effective uid is root, then the real and saved group ID's are
+also set.
+.PP
+By using the saved ID feature, an setgid process may switch between
+the privileged and unprivileged groups safely.
+.PP
+The caller must either have an effect uid of root, or
+.I gid
+must be equal to either the current or saved gid.
+.PP
+If
+.I gid
+is different to the old effective gid, the process will
+be marked as not dumpable.
 .SH "RETURN VALUE"
 On success, zero is returned.  On error, \-1 is returned, and
 .I errno
diff -ruN orig/setuid.2 new/setuid.2
--- orig/setuid.2	Sun Apr 27 15:54:35 1997
+++ new/setuid.2	Sun Apr 27 16:04:16 1997
@@ -1,4 +1,5 @@
 .\" Copyright (C), 1994, Graeme W. Wilford. (Wilf.)
+.\" Portions Copyright (C) 1997 Richard Kettlewell
 .\"
 .\" Permission is granted to make and distribute verbatim copies of this
 .\" manual provided the copyright notice and this permission notice are
@@ -21,8 +22,9 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\"
 .\" Fri Jul 29th 12:56:44 BST 1994  Wilf. <G.Wilford@ee.surrey.ac.uk> 
+.\" Modified Sun Apr 27 1997 by Richard Kettlewell <richard@greenend.org.uk>
 .\"
-.TH SETUID 2 "29 July 1994" "Linux 1.1.36" "Linux Programmer's Manual"
+.TH SETUID 2 "27 April 1997" "Linux 2.0.29" "Linux Programmer's Manual"
 .SH NAME
 setuid \- set user identity
 .SH SYNOPSIS
@@ -31,16 +33,17 @@
 .BI "int setuid(uid_t " uid )
 .SH DESCRIPTION
 .B setuid
-sets the effective user ID of the current process. If the caller is the
-superuser, the real and saved user ID's are also set.
-
+sets the effective user ID and filesystem user ID of the current
+process. If the effective userid of the caller is root, the real and
+saved user ID's are also set.
+.PP
 Under Linux, 
 .B setuid
 is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.
 This allows a setuid (other than root) program to drop all of its user
 privileges, do some un-privileged work, and then re-engage the original
 effective user ID in a secure manner.
-
+.PP
 If the user is root or the program is setuid root, special care must be
 taken. The 
 .B setuid
@@ -49,13 +52,18 @@
 .IR uid . 
 After this has occurred, it is impossible for the program to regain root
 privileges.
-
+.PP
 Thus, a setuid-root program wishing to temporarily drop root
 privileges, assume the identity of a non-root user, and then regain
 root privileges afterwards cannot use 
 .BR setuid .
 You can accomplish this with the (non-POSIX, BSD) call
 .BR seteuid .
+.PP
+If
+.I uid
+is different to the old effective uid, the process will
+be marked as not dumpable.
 .SH "RETURN VALUE"
 On success, zero is returned.  On error, \-1 is returned, and
 .I errno

Message #13 received at 9136@bugs.debian.org (full text, mbox, reply):

From: Nicolás Lichtmaier <nick@Feedback.com.ar>

To: 9136@bugs.debian.org

Subject: setuid/setgid man pages (fwd)

Date: Thu, 3 Jul 1997 00:03:54 -0300 (ART)

---------- Forwarded message ----------
Date: Mon, 16 Jun 1997 10:44:00 +0200
From: Andries.Brouwer@cwi.nl

Hmm - now that these patches were distorted by quoted printable,
and I had to hand-apply them, I noticed that the original text
of setgid was better than the patched version, so I left setgid.
I changed setuid a bit, more or less inspired by this patch.

Richard, when documenting functions, think in concepts, not in
kernel source variables. There are fsuid and dumpable, but is it
necessary to mention them?
If setuid has obscure side effects, people may claim that it is
not the function documented by POSIX.
For setuid I added a section "Linux-specific remarks" pointing
to setfsuid(2) and mentioning that after a setuid a program
would no longer dump core.

Andries

Send a report that this bug log contains spam.