IT> I do not know what happens if luit with luit-freebsd.patch is
IT> setuid'ed to a non-root user.
>> It looks like it's a security hole on _POSIX_SAVED_IDS systems.
I've just sent a patch to disable that case. If anybody complains, I
can add code to use setresuid in that case.
IT> I do not see how it can be.
IT> Following is my understanding: suppose systems with POSIX-setuid. If
IT> luit is setuid'ed to a non-root user, say, daemon, and a user called
IT> tom launches it, luit runs with the real and saved UIDs tom and
IT> effective UID daemon.
I understand that suid is now daemon. The Linux man page is not quite
clear about that; here's what the FreeBSD man page says:
> After any set-user-ID and set-group-ID processing, the effective user
> ID is recorded as the saved set-user-ID,
And here's the SUSv4 wording:
> The effective user ID and effective group ID of the new process
> image are saved (as the saved set-user-ID and the saved set-group-ID)
> for use by setuid().
IT> After setuid, the effective UID changes to tom, resulting in all
IT> the three UIDs equal to the real UID.
No, suid is still daemon. Fork, exec(/bin/sh), and the user can
setuid(daemon).
Juliusz
_______________________________________________
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
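
The saved set-user-ID behaviour discussed in this thread, as an added example that is not part of the original message and is not luit code: a small C model of the POSIX `setuid()` rule on `_POSIX_SAVED_IDS` systems, compared with a `setresuid()` drop that sets all three IDs. The struct, the `model_*` and `can_regain` helpers, and the UID values are constructed for illustration; no real credentials are changed.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

struct ids { uid_t ruid, euid, suid; };

/* exec of a set-user-ID file: euid becomes the file owner and is saved as suid. */
static struct ids exec_setuid_file(uid_t caller, uid_t owner) {
    struct ids p = { caller, owner, owner };
    return p;
}

/* setuid() as POSIX specifies it on _POSIX_SAVED_IDS systems. */
static int model_setuid(struct ids *p, uid_t uid) {
    if (p->euid == 0) { p->ruid = p->euid = p->suid = uid; return 0; }
    if (uid == p->ruid || uid == p->suid) { p->euid = uid; return 0; }
    errno = EPERM;
    return -1;
}

/* setresuid() with explicit IDs: an unprivileged caller may only pick
 * values from its current real, effective or saved IDs. */
static int model_setresuid(struct ids *p, uid_t r, uid_t e, uid_t s) {
    uid_t want[3] = { r, e, s };
    for (int i = 0; i < 3; i++)
        if (p->euid != 0 && want[i] != p->ruid && want[i] != p->euid
            && want[i] != p->suid) { errno = EPERM; return -1; }
    p->ruid = r; p->euid = e; p->suid = s;
    return 0;
}

enum { TOM = 1001, DAEMON = 1 };  /* constructed sample UIDs */

/* Returns 1 if the same process image can get DAEMON back after the drop.
 * A later exec is not modelled here. */
static int can_regain(int use_setresuid) {
    struct ids p = exec_setuid_file(TOM, DAEMON);
    if (use_setresuid) model_setresuid(&p, TOM, TOM, TOM);
    else               model_setuid(&p, TOM);
    printf("after drop: ruid=%u euid=%u suid=%u\n",
           (unsigned)p.ruid, (unsigned)p.euid, (unsigned)p.suid);
    return model_setuid(&p, DAEMON) == 0;
}

int main(void) {
    printf("setuid(tom):    regain daemon? %d\n", can_regain(0));
    printf("setresuid(tom): regain daemon? %d\n", can_regain(1));
    return 0;
}
```

In real code, follow the `setresuid()` call with `getresuid()` and abort unless all three IDs equal the target.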