On Fri, 3 Mar 2000, LaMont Jones wrote: > > Since the saved uid survives across fork() and exec(), any buffer > > overrun or similar bug in mtr is just as bad as if mtr had never done > > the seteuid() at all. > > Saved-uid should get dropped on exec(), shouldn't it? > I stand corrected. Saved uid is set to the effective uid on exec. Makes it harder to do nasty stuff with it. /Viktor... --| Viktor Fougstedt, system administrator at dtek.chalmers.se |-- --| http://www.dtek.chalmers.se/~viktor/ |-- --| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:02 PDT