> From the source code:
> int main(int argc,char **argv)
> {
>         int i,tty,useunicode=0;
>         char *fontf=0,*translationf=0,*keymapf=0;
>
>         get_ids();
>         set_user_id();
> ...
> int user_id;
> int acon_id;
>
> void get_ids(void)
> {
>         user_id=getuid();
>         acon_id=geteuid();
> }
> void set_user_id(void)
> {
>         seteuid(user_id);
> }

> So why do you think it does not drop setuid root, the code does?

You are right in that it drops seteuid. Given arbitrary code execution
(which looks possible by trashing the return address of main) one can
still seteuid back to root.

Helmut
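
Added example, not part of the original message and not acon's code: the temporary drop from the quoted source next to a permanent drop that is verified afterwards. The names drop_temporarily, regain_possible and drop_permanently are hypothetical, and the permanent variant assumes the program no longer needs the privileged id.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporary drop, equivalent to the quoted get_ids()/set_user_id() pair:
 * only the effective uid changes, the saved set-user-ID keeps its value. */
int drop_temporarily(void)
{
    return seteuid(getuid());
}

/* 1 if seteuid(old_euid) still succeeds, 0 if the kernel refuses it,
 * -1 if the probe could not restore the euid it started with. */
int regain_possible(uid_t old_euid)
{
    uid_t current = geteuid();
    if (seteuid(old_euid) != 0)
        return 0;
    return seteuid(current) == 0 ? 1 : -1;
}

/* Permanent drop. Returns 0 on success; on -1 the caller should exit.
 * Assumption: old_euid is 0, as in a setuid-root installation. */
int drop_permanently(uid_t old_euid)
{
    uid_t target = getuid();
    /* setuid() overwrites the saved set-user-ID only while the effective
     * uid is 0, so a temporary drop has to be undone first. */
    if (geteuid() != old_euid && seteuid(old_euid) != 0)
        return -1;
    if (setuid(target) != 0)
        return -1;
    if (getuid() != target || geteuid() != target)
        return -1;
    /* Verify the drop instead of assuming it worked. */
    if (target != old_euid && regain_possible(old_euid) != 0)
        return -1;
    return 0;
}

int main(void)
{
    uid_t old_euid = geteuid(); /* the value get_ids() keeps in acon_id */
    if (drop_temporarily() != 0)
        return 1;
    printf("after seteuid(getuid()): regain=%d\n", regain_possible(old_euid));
    if (drop_permanently(old_euid) != 0)
        return 1;
    printf("after setuid(getuid()):  regain=%d\n", regain_possible(old_euid));
    return 0;
}
```

Installed setuid root and run by an ordinary user, the first line reports regain=1 and the second regain=0; run without the setuid bit both report 1 because there is no other id to return to.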


