Hello Michal, At 01:41 07.03.99 +0100, you wrote: >Exploited overflow in ipop3d could be used to gain superuser access (the >only thing done by ipop3d is setuid+setgid, no seteuid/setreuid). Fortunately, you are wrong here. Quoting from the Solaris' setuid() manpage: If the effective user ID of the process calling setuid() is the super-user, the real, effective, and saved user IDs are set to the uid parameter. Linux behaves the same way, IMHO this is defined in POSIX. cu.. Stefan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:41 PDT