On Tue, Jan 18, 2000 at 02:12:02PM +0800, Peter Wemm wrote:
> .. and why is this a security hole? setresuid(geteuid(), geteuid(), geteuid())
> is equivalent to setuid(geteuid())..
Umm, maybe not the hole exactly, but difference between same area syscalls
implementation.
We define POSIX_APPENDIX_B_4_2_2 by default for setuid(geteuid()), but I
mean case when it is _not_ defined (BTW, why to have define which is
always on?)
And in case POSIX_APPENDIX_B_4_2_2 is not defined,
ruid = euid;
assignment was not allowed before you add new syscall.
--
Andrey A. Chernov
http://nagual.pp.ru/~ache/
MTH/SH/HE S-- W-- N+ PEC>+ D A a++ C G>+ QH+(++) 666+>++ Y
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
