Date: Thu, 8 Jan 2009 22:20:26 -0800 From: Chris Palmer <chris@noncombatant.org> To: freebsd-security@freebsd.org Subject: Incorrect (?) documentation for setreuid(2) could lead to security issues for user code Message-ID: <20090109062026.GI38127@noncombatant.org>
next in thread | raw e-mail | index | archive | help
According to section 6.4.1 of "Setuid Demystified": http://www.cs.ucdavis.edu/~hchen/paper/usenix02.html FreeBSD 4.4's setreuid(2) man page is wrong. The man page for FBSD 7 says the same thing. Is it still wrong, or was the implementation changed to match the documentation? This person noticed the same problem for OBSD: http://www.nabble.com/setreuid()-documentation-is-confusing-and-wrong-td7953251.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090109062026.GI38127>