author | uqs <uqs@FreeBSD.org> | 2010-05-13 12:07:55 +0000 |
committer | uqs <uqs@FreeBSD.org> | 2010-05-13 12:07:55 +0000 |
commit | 1ab3783e1a2e5231321a0fc5399736ddc70407f0 (patch) | |
tree | c699822393a0ad4134098c013ca4b4ea4e2f3108 /lib/libc/sys/setuid.2 | |
parent | 43b7e87f4317ace45532f012cea993a4d9d418f0 (diff) | |
mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the
bottom of the manpages and order them consistently.
GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections, or say where to
put them.
Found by: mdocml lint run
Reviewed by: ru
Diffstat (limited to 'lib/libc/sys/setuid.2')
-rw-r--r-- | lib/libc/sys/setuid.2 | 66 |
1 files changed, 33 insertions, 33 deletions
diff --git a/lib/libc/sys/setuid.2 b/lib/libc/sys/setuid.2
index 78e4ab8..4bb4a68 100644
--- a/lib/libc/sys/setuid.2
+++ b/lib/libc/sys/setuid.2
@@ -124,39 +124,6 @@ The system calls will fail if:
 The user is not the super user and the ID specified is not the real,
 effective ID, or saved ID.
 .El
-.Sh SECURITY CONSIDERATIONS
-Read and write permissions to files are determined upon a call to
-.Xr open 2 .
-Once a file descriptor is open, dropping privilege does not affect
-the process's read/write permissions, even if the user ID specified
-has no read or write permissions to the file.
-These files normally remain open in any new process executed,
-resulting in a user being able to read or modify
-potentially sensitive data.
-.Pp
-To prevent these files from remaining open after an
-.Xr exec 3
-call, be sure to set the close-on-exec flag is set:
-.Bd -literal
-void
-pseudocode(void)
-{
- int fd;
- /* ... */
-
- fd = open("/path/to/sensitive/data", O_RDWR);
- if (fd == -1)
- err(1, "open");
-
- /*
- * Set close-on-exec flag; see fcntl(2) for more information.
- */
- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
- err(1, "fcntl(F_SETFD)");
- /* ... */
- execve(path, argv, environ);
-}
-.Ed
 .Sh SEE ALSO
 .Xr getgid 2 ,
 .Xr getuid 2 ,
@@ -191,3 +158,36 @@ and
 .Fn setgid
 functions appeared in
 .At v7 .
+.Sh SECURITY CONSIDERATIONS
+Read and write permissions to files are determined upon a call to
+.Xr open 2 .
+Once a file descriptor is open, dropping privilege does not affect
+the process's read/write permissions, even if the user ID specified
+has no read or write permissions to the file.
+These files normally remain open in any new process executed,
+resulting in a user being able to read or modify
+potentially sensitive data.
+.Pp
+To prevent these files from remaining open after an
+.Xr exec 3
+call, be sure to set the close-on-exec flag is set:
+.Bd -literal
+void
+pseudocode(void)
+{
+ int fd;
+ /* ... */
+
+ fd = open("/path/to/sensitive/data", O_RDWR);
+ if (fd == -1)
+ err(1, "open");
+
+ /*
+ * Set close-on-exec flag; see fcntl(2) for more information.
+ */
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
+ err(1, "fcntl(F_SETFD)");
+ /* ... */
+ execve(path, argv, environ);
+}
+.Ed