On Wed, 19 Jan 2000, Andrey A. Chernov wrote:
> On Tue, Jan 18, 2000 at 02:12:02PM +0800, Peter Wemm wrote:
> > .. and why is this a security hole? setresuid(geteuid(), geteuid(), geteuid())
> > is equivalent to setuid(geteuid())..
>
> Umm, maybe not a hole exactly, but a difference between sam
On Tue, Jan 18, 2000 at 02:12:02PM +0800, Peter Wemm wrote:
> .. and why is this a security hole? setresuid(geteuid(), geteuid(), geteuid())
> is equivalent to setuid(geteuid())..
Umm, maybe not a hole exactly, but a difference between same-area syscall
implementations.
We define POSIX_APPENDIX
"Andrey A. Chernov" wrote:
> The newly introduced setresuid call adds a security hole too. Compare the following
> checks. The first one comes from
>
> setreuid:
>
> if (((ruid != (uid_t)-1 && ruid != pc->p_ruid && ruid != pc->p_svuid) ||
> (euid != (uid_t)-1 && euid != pc->pc_ucred->cr_ui
The newly introduced setresuid call adds a security hole too. Compare the following
checks. The first one comes from
setreuid:
if (((ruid != (uid_t)-1 && ruid != pc->p_ruid && ruid != pc->p_svuid) ||
(euid != (uid_t)-1 && euid != pc->pc_ucred->cr_uid &&
euid != pc->p_ruid && eu