From: Juliusz Chroboczek <[EMAIL PROTECTED]>
Subject: Re: Some patches to luit
Date: 14 Mar 2003 21:12:00 +0100
> IT> I am fine if luit searches /dev/pty[p-zP-T][0-9a-v] instead of
> IT> /dev/pty[p-zP-T][0-9a-f].
> 
> Fine.  I'll send a patch straight away.

Thanks.

> IT> I do not know what happens if luit with luit-freebsd.patch is
> IT> setuid'ed to a non-root user.
> 
> It looks like it's a security hole on _POSIX_SAVED_IDS systems.

I do not see how it can be.  Could you tell me how, or is it too
serious to talk in the open?

Following is my understanding: suppose systems with POSIX-setuid.  If
luit is setuid'ed to a non-root user, say, daemon, and a user called
tom launches it, luit runs with the real and saved UIDs tom and
effective UID daemon.  After setuid, the effective UID changes to tom,
resulting in all the three UIDs equal to the real UID.  What is wrong?

Best regards,
Tsuyoshi

---   ITO Tsuyoshi  <[EMAIL PROTECTED]>   ---
--- Dept. of Computer Science, University of Tokyo. ---
_______________________________________________
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
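
The saved set-user-ID behaviour this message asks about, as an added example that is not part of the original thread: a small C model of the POSIX credential rules on a _POSIX_SAVED_IDS system, comparing exec of a set-user-ID binary owned by root with one owned by a non-root user, each followed by setuid(getuid()). The UID values, the function names and the "effective UID 0 means privileged" simplification are assumptions of the example.

```c
#include <stdio.h>

/* Constructed sample UIDs, not taken from any real system. */
enum { ROOT = 0, DAEMON = 1, TOM = 1000 };

/* Real, effective and saved set-user-ID of one process. */
typedef struct { int ruid, euid, suid; } creds;

/* exec of a set-user-ID file: the effective UID becomes the file owner
 * and the saved set-user-ID is copied from the new effective UID. */
static creds exec_setuid_binary(creds c, int owner) {
    c.euid = owner;
    c.suid = owner;
    return c;
}

/* setuid(uid) per POSIX; returns 0 on success, -1 for EPERM.
 * Simplification: "appropriate privileges" is modelled as euid == 0. */
static int model_setuid(creds *c, int uid) {
    if (c->euid == 0) {                      /* privileged: all three change */
        c->ruid = c->euid = c->suid = uid;
        return 0;
    }
    if (uid == c->ruid || uid == c->suid) {  /* unprivileged: only euid changes */
        c->euid = uid;
        return 0;
    }
    return -1;
}

/* User `user` runs a binary set-user-ID to `owner`, which then calls
 * setuid(getuid()). Returns 1 if the process can still switch back to
 * `owner` afterwards, 0 if the drop was permanent, -1 if the drop failed. */
static int owner_regainable_after_drop(int user, int owner) {
    creds c = { user, user, user };
    c = exec_setuid_binary(c, owner);
    if (model_setuid(&c, c.ruid) != 0)
        return -1;
    printf("owner=%d after setuid(getuid()): ruid=%d euid=%d suid=%d\n",
           owner, c.ruid, c.euid, c.suid);
    return model_setuid(&c, owner) == 0;
}

int main(void) {
    printf("root-owned regainable:   %d\n", owner_regainable_after_drop(TOM, ROOT));
    printf("daemon-owned regainable: %d\n", owner_regainable_after_drop(TOM, DAEMON));
    return 0;
}
```

In the model, the root-owned case ends with all three IDs equal to the caller's, while the daemon-owned case leaves the saved set-user-ID at the file owner, so a later setuid() back to that owner succeeds.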