On Wed, 2010-05-19 at 15:53 +0100, Magnus Therning wrote:

On Mon, May 17, 2010 at 19:21, Eric Mertens wrote:

...

Hello,

It looks like my darcs-fu is a bit rusty. I've attached the patch with all of the changes to this message for adding the missing functions to unix package

It was a while ago that I looked into uid/gid issues on Unix, but as I remember it it wasn't very straight forward, especially for setting. Particularly worrying was that it is fairly easy to get into the position where one thinks that the uid/gid has been irreversibly changed from root, while in fact this isn't the case. I also remember that the "correct" way of changing uid/gid differed between Unix platforms. A quick look at this patch leads me to believe that this hasn't been taken into account. Am I correct in this?

You are correct that this patch does not attempt to normalize the differences between platforms. As you've noted, switching userIDs can be complicated, but it doesn't seem that the unix package goes to great lengths to normalize all potential differences and having these function exported could be a starting point for a higher-level library to support userID switching more regularly.

The paper that removed the mist surround uid/gid was Setuid Demystified[1].

-- Eric Mertens Galois, Inc.