On Mon, 19 Aug 2002, Patrick Powell wrote: > Date: Mon, 19 Aug 2002 17:14:56 -0700 (PDT) > From: Patrick Powell <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: LPRng: Remaining bugs in 3.8.14 build > > > From [EMAIL PROTECTED] Fri Aug 16 05:12:41 2002 > > Date: Fri, 16 Aug 2002 12:47:45 +0200 (CEST) > > From: Villy Kruse <[EMAIL PROTECTED]> > > To: lprng <[EMAIL PROTECTED]> > > Subject: Re: LPRng: Remaining bugs in 3.8.14 build > > > > On Mon, 12 Aug 2002, Rick Cochran wrote: > > > > > > > > 2) 'setruid' is selected by 'configure' for use under AIX. Although the > > > setruid routine exists in the AIX libraries, IT IS CAREFULLY DOCUMENTED > > > AS BEING BROKEN. The configure script should show this routine as > > > non-existant on all AIX systems. > > > > > > > > > In addition, on AIX you can't ever change real user id, unless you also > > set effective and saved uid to the same user id at the same time and > > thereby dropping all superuser privileges and any hope of ever changing > > back to the original user id. Thus setreuid() won't allow you to change > > the real user id either without setting the effective uid at the same time. > > > > > > Villy > > Not only on AIX but some other SysV systems. The work around is > (don't gag now) to set everything to root and then fiddle with > the ones that give you problems: > > setuid(0); /* set both euid and uid to root */ > setruid(xx); /* now do the dirty deed */ >
That won't work! setruid() always returns EPERM. setreuid won't work unless both real and effective user id is set to the same, or you only attempt to change the effective user id. System V rel3 never had anything but setuid(), which, when invoked as superuser, will set both real and effective user id. That is the only time the real user id is ever set, namely when setting it after having logged in. When invoked as non-superuser setuid() works the same as seteuid() It seems that the kerberos library needs changing so you don't need to set the real user id. As far as I can see that is the only time LPRng is ever attempting to set real user id. Villy ----------------------------------------------------------------------------- YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST The address you post from MUST be your subscription address If you need help, send email to [EMAIL PROTECTED] (or lprng-requests or lprng-digest-requests) with the word 'help' in the body. For the impatient, to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED] with: | example: subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED] unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED] If you have major problems, send email to [EMAIL PROTECTED] with the word LPRNGLIST in the SUBJECT line. -----------------------------------------------------------------------------
