<URL: http://bugs.freeciv.org/Ticket/Display.html?id=39901 >
Please use the email interface, your comments were not sent to the list.
> Not really, it's more of a security thing.
> Quote from one of our kernel guys: "The problem is that without a mode
> being passed, the kernel uses whatever the stack contents are. And yes,
> its conceivable the stack contents could create a world writable setuid
> file which cannot ever be the intended operation."
Speaking as a long-time Internet security guy, that sounds like a
serious userland/kernel interface implementation bug!!!!
First of all, according to the documentation, the mask is optional --
you really need to use varargs here, that's what the "..." means in the
Secondly, according to the documentation, the mask is AND'd with the
current umask. There *MUST NOT* be any way for AND to set new bits!
I'll pass this along to the Linux NFS kernel maintainers when I see
them on Wednesday....
Freeciv-dev mailing list