Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight

From: Casper Dik (casperat_private)
Date: Thu Apr 08 1999 - 00:38:40 PDT

Next message: DaChronic: "security hole (READ AS: security chasm) in ICQ-Webserver"

Previous message: Russell Van Tassell: "Solaris7 and ff.core"
Next in thread: Mark Crispin: "Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>These programs should probably do a setuid() instead, which affects
>saved-user-id as well.
>
>This problem isn't huge, you might say, because whenever you do a
>fork() or similar, the saved-user-id should be reset. But if you can
>take control of the application via a buffer overflow or the like, and
>saved-user-id is root then you have no problem of getting the root
>priviledges back before doing a fork().
'

fork() does not affect uids at all.

exec* does.

Note that both setuid(uid) (as root) and setreuid(uid,uid) should
get rid of the saved uid.

Casper

Next message: DaChronic: "security hole (READ AS: security chasm) in ICQ-Webserver"
Previous message: Russell Van Tassell: "Solaris7 and ff.core"
Next in thread: Mark Crispin: "Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:46 PDT