Date: Wed, 19 Jan 2000 03:53:29 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Peter Wemm <peter@netplex.com.au>
Cc: current@freebsd.org, bde@freebsd.org, sheldonh@freebsd.org
Subject: Re: Security hole with new setresuid call
Message-ID: <20000119035329.A65749@nagual.pp.ru>
In-Reply-To: <20000118061202.50F8D1CD4@overcee.netplex.com.au>
References: <ache@nagual.pp.ru> <20000118061202.50F8D1CD4@overcee.netplex.com.au>

On Tue, Jan 18, 2000 at 02:12:02PM +0800, Peter Wemm wrote:
> .. and why is this a security hole? setresuid(geteuid(), geteuid(), geteuid())
> is equivalent to setuid(geteuid())..

Umm, maybe not a hole exactly, but a difference between the implementations of syscalls in the same area. We define POSIX_APPENDIX_B_4_2_2 by default for setuid(geteuid()), but I mean the case when it is _not_ defined (BTW, why have a define which is always on?)

And in case POSIX_APPENDIX_B_4_2_2 is not defined, the ruid = euid; assignment was not allowed before you added the new syscall.

--
Andrey A. Chernov
http://nagual.pp.ru/~ache/
MTH/SH/HE S-- W-- N+ PEC>+ D A a++ C G>+ QH+(++) 666+>++ Y
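
The difference the message describes, as an added illustration that is not part of the original e-mail and is not FreeBSD kernel code: a simplified userland model of the unprivileged permission checks, for a set-uid program started by uid 1000 and owned by uid 1001. The struct, the function names, the sample uids and the exact rules modelled are assumptions; `appendix_b` stands in for the POSIX_APPENDIX_B_4_2_2 build option.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Assumed model of one process's user IDs (not the kernel's structures). */
struct ids { uid_t ruid, euid, svuid; };

/* Model of unprivileged setuid(uid); returns 0, or -1 for EPERM.
 * With appendix_b set, uid == euid is accepted and also rewrites the
 * real and saved uid. Without it only the effective uid changes. */
int model_setuid(struct ids *p, uid_t uid, bool appendix_b)
{
    bool euid_rule = appendix_b && uid == p->euid;
    if (uid != p->ruid && uid != p->svuid && !euid_rule)
        return -1;
    if (euid_rule) {
        p->ruid = uid;
        p->svuid = uid;
    }
    p->euid = uid;
    return 0;
}

/* (uid_t)-1 means "leave unchanged"; otherwise the value must already be
 * one of the process's current real, effective or saved uids. */
static bool allowed(const struct ids *p, uid_t u)
{
    return u == (uid_t)-1 || u == p->ruid || u == p->euid || u == p->svuid;
}

/* Model of unprivileged setresuid(r, e, s); returns 0, or -1 for EPERM. */
int model_setresuid(struct ids *p, uid_t r, uid_t e, uid_t s)
{
    if (!allowed(p, r) || !allowed(p, e) || !allowed(p, s))
        return -1;
    if (r != (uid_t)-1) p->ruid = r;
    if (e != (uid_t)-1) p->euid = e;
    if (s != (uid_t)-1) p->svuid = s;
    return 0;
}

/* Real uid left after each call, starting from the constructed state
 * ruid=1000, euid=1001, svuid=1001. */
uid_t ruid_after_setuid(bool appendix_b)
{
    struct ids p = { 1000, 1001, 1001 };
    model_setuid(&p, p.euid, appendix_b);
    return p.ruid;
}

uid_t ruid_after_setresuid(void)
{
    struct ids p = { 1000, 1001, 1001 };
    model_setresuid(&p, p.euid, p.euid, p.euid);
    return p.ruid;
}

int main(void)
{
    printf("setuid, option on:  ruid=%d\n", (int)ruid_after_setuid(true));
    printf("setuid, option off: ruid=%d\n", (int)ruid_after_setuid(false));
    printf("setresuid:          ruid=%d\n", (int)ruid_after_setresuid());
    return 0;
}
```

In this model the two calls leave the same real uid only when the option is on; with it off, setresuid performs the ruid = euid assignment that setuid would not.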