Date: Wed, 05 Feb 2003 16:41:05 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: "Jacques A. Vidrine" <nectar@FreeBSD.org> Cc: Anoop Ranganath <anoop@ranganath.com>, freebsd-current@freebsd.org Subject: Re: tmpfile breakage on setuid executables Message-ID: <3E41AF21.F55C313F@mindspring.com> References: <00e201c2cd5b$14f31c30$0c02040a@ranganath> <3E41846A.39AAE406@mindspring.com> <015c01c2cd60$7b6dc0a0$0c02040a@ranganath> <3E418C3C.F4B99C78@mindspring.com> <3E419743.6144BE0B@mindspring.com> <20030205232854.GC86606@opus.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jacques A. Vidrine" wrote: > > Apparently, there was a bug fixed in 4.7 -> 5.0, where the > > effective UID was being tested instead of the real UID. > > > > This is probably something that someone should MFC. > > Really? I just took a quick look at this, but I have to shove off > for now. In initial tests, I get the different results depending on > whether I'm using static or dynamic linking. But maybe it's me, I'll > look more carefully later. > > How about pointing out the bug you found? Hand me the pointy hat. The "bug" was that my test program seperated the operation into a function so I could try different crap, and adding the setuid(geteuid()) put a zero on the stack in the stack position Mike discovered was being used uninitialized. Really bizarre. Shouldn't compiling that stdio code have cause a warning?!? Is optimization disabled for the stdio code?!? -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E41AF21.F55C313F>