From mboxrd@z Thu Jan  1 00:00:00 1970
From: Florian Weimer <fweimer@redhat.com>
Subject: Re: Fixing setfsuid/setfsgid
Date: Thu, 23 Jan 2014 12:28:59 +0100
Message-ID: <52E0FCFB.8040505@redhat.com>
References: <52DFBC4E.3060103@redhat.com> <20140122085653.7718752e@tlielax.poochiereds.net> <52DFD049.7070605@redhat.com> <5725197.TtPkkAW1pH@jlieb-e6410>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Jeff Layton <jlayton@redhat.com>, linux-fsdevel@vger.kernel.org
To: Jim Lieb <jlieb@panasas.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:20382 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752281AbaAWL3E (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Thu, 23 Jan 2014 06:29:04 -0500
In-Reply-To: <5725197.TtPkkAW1pH@jlieb-e6410>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On 01/22/2014 07:21 PM, Jim Lieb wrote:

> I proposed a switch_creds syscall in mid-Oct (a couple of versions).

Got it.  The *at-based approach I sketched would achieve roughly the 
same thing.  I don't know how much glibc will like it if you run your 
threads with different effective user IDs, though.

Anyway, this means that for my initial question, adding 
getfsuid/getfsgid seems the answer.

-- 
Florian Weimer / Red Hat Product Security Team