mirror of https://github.com/mkerrisk/man-pages
setfsuid.2: Clarify historical details and note that setfsuid() is obsolete
Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 9e3859ed2b
commit 18cc659761
|
@ -84,9 +84,24 @@ it will return \-1 and set \fIerrno\fP to
|
||||||
without attempting
|
without attempting
|
||||||
the system call.
|
the system call.
|
||||||
.LP
|
.LP
|
||||||
Note that at the time this system call was introduced, a process
|
At the time when this system call was introduced, one process
|
||||||
could send a signal to a process with the same effective user ID.
|
could send a signal to another process with the same effective user ID.
|
||||||
Today signal permission handling is slightly different.
|
This meant that if a privilged process changed its effective user ID
|
||||||
|
for the purpose of file permission checking,
|
||||||
|
then it could become vulnerable to receiving signals
|
||||||
|
sent by another (unprivileged) process with the same user ID.
|
||||||
|
The filesystem user ID attribute was thus added to allow a process to
|
||||||
|
change its user ID for the purposes of file permission checking without
|
||||||
|
at the same time becoming vulnerable to receiving unwanted signals.
|
||||||
|
Since Linux 2.0, signal permission handling is different (see
|
||||||
|
.BR kill (2)),
|
||||||
|
with the result that a process change can change its effective user ID
|
||||||
|
without being vulnerable to receiving signals from unwanted processes.
|
||||||
|
Thus,
|
||||||
|
.BR setfsuid ()
|
||||||
|
is nowadays unneeded and should be avoided in new applications
|
||||||
|
(likewise for
|
||||||
|
.BR setfsgid (2)).
|
||||||
|
|
||||||
The original Linux
|
The original Linux
|
||||||
.BR setfsuid ()
|
.BR setfsuid ()
|
||||||
|
|
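Review bot: Two wording errors in the added paragraph should be fixed before this lands. "if a privilged process changed its effective user ID" has a typo and should read "privileged", and "with the result that a process change can change its effective user ID" has a stray "change" and should read "a process can change its effective user ID". The security rationale is otherwise clear: the filesystem user ID existed so that a privileged process could take on another user's identity for file permission checks without exposing itself to signals from that user's processes, and the text correctly defers to kill(2) for the current signal permission rules. Since the paragraph now tells readers that setfsuid() "should be avoided in new applications", consider also stating what to use in its place, because the text as written only implies that changing the effective user ID is sufficient.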