Date: Tue, 13 Oct 2020 09:52:54 +0000
From: "Laurent Bercot" <ska-dietlibc@...rnet.org>
To: musl@...ts.openwall.com
Subject: Re: Calling setxid() in a vfork()-child


>If dropping privileges is all you want, then posix_spawn() has a flag
>for that.

  But it does not. All POSIX_SPAWN_RESETIDS does is make sure that an
s-bit program does not spawn a child with the same effective uid as
its caller; there is nothing in posix_spawn() about dropping root
privileges.

  This is one of the process state change operations that are lacking in
posix_spawn(), along with being able to spawn the child as a session
leader (despite being able to spawn it as a process group leader).

  That's what makes exhaustive attribute listing a bad function design:
there is always an attribute that designers forget. I understand how
useful posix_spawn() is for portable correctness, I use it over fork()
whenever I can, but it is definitely not complete without helper
programs and it's an ugly wart that nobody benefits from ignoring.

--
  Laurent
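Added illustration (not part of the message above, and not code from musl or from Laurent Bercot's projects): the two things the reply says posix_spawn() attributes cannot express, becoming a session leader and dropping root privileges, done in a fork() child in the order that cannot be reversed, with a check that the drop actually took effect. The helper names (privileges_dropped, drop_privileges, spawn_dropped, child_report) are assumptions made for this example; it is written against the POSIX/Linux API only.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the caller now holds exactly the requested real and effective
 * ids and, for a non-root target, can no longer regain uid 0.
 * This is the check POSIX_SPAWN_RESETIDS alone does not give you: that flag
 * only copies the real ids over the effective ones. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    if (uid != 0 && setuid(0) == 0) return 0;   /* re-escalation must fail */
    return 1;
}

/* Drop to uid/gid irreversibly: supplementary groups first (only possible as
 * root), then the gid, then the uid. Returns 0 on success or -errno. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -errno;
    if (setgid(gid) != 0) return -errno;
    if (setuid(uid) != 0) return -errno;
    return privileges_dropped(uid, gid) ? 0 : -EPERM;
}

/* Fork a child that becomes a session leader, drops privileges, verifies the
 * drop, then runs child_fn and exits with its result. Returns the child's
 * exit status, or -1 if fork/waitpid fail or the child died by signal.
 * Exit codes 101/102 mark the two setup steps that have no posix_spawn()
 * attribute equivalent. */
int spawn_dropped(uid_t uid, gid_t gid, int (*child_fn)(void))
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (setsid() < 0) _exit(101);               /* session leader */
        if (drop_privileges(uid, gid) != 0) _exit(102);
        _exit(child_fn() & 0xff);                   /* an exec() would go here */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed sample payload: succeed only if we really are a session leader. */
int child_report(void)
{
    return getsid(0) == getpid() ? 0 : 103;
}

int main(void)
{
    /* Dropping to our own ids is a no-op but exercises every check. */
    int rc = spawn_dropped(getuid(), getgid(), child_report);
    printf("child exit status: %d (0 means setsid + drop + verify all held)\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Run it as an unprivileged user and the child still passes: the drop to the caller's own ids succeeds, and the setuid(0) probe in privileges_dropped() fails with EPERM as it must. Started as root with a non-zero target uid, the same probe is what distinguishes a real drop from a merely reset effective id.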
