On 2009-01-08, patrick keshishian <[email protected]> wrote: > > I don't know how to use git, nor am I finding their web-interface very > intuitive, but from the link you provided, looking at the "diff" for > main.c, upstream never had setuid(geteuid()) as far as I can see: > > /* Leave the current location */ > - (void) setsid(); /* No controlling tty. */ > + (void) setsid(); /* No controlling tty. */ > (void) umask (S_IRWXG|S_IRWXO); > - (void) chdir ("/"); /* no current directory. */ > + (void) chdir ("/"); /* no current directory. */ > + setuid(0); /* set real UID = root */ > setgid(getegid()); > > They only added the setuid(0).
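Review bot: the added setuid(0) line ignores its return value, so if the call fails pppd carries on with its real UID unchanged and nothing reports it. Check the result and bail out on failure, for example `if (setuid(0) < 0)` followed by an error exit. The setgid(getegid()) context line directly below has the same gap. The setsid() and chdir("/") pairs appear to differ only in whitespace, which would be better kept out of a functional change.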
They removed setuid(geteuid()) in the preceding commit,
http://git.ozlabs.org/?p=ppp.git;a=commitdiff;h=8a68ed35b0312fe46436a3490097a4fdc5af1c95

> setuid(geteuid()) is equivalent to setuid(0) since set-user-ID pppd
> will have effective uid of 0 (file owner is root).

Hmmm. I wrote a test program to display geteuid() and made it setuid
root, which only displayed the unprivileged uid, which is what I based
my interpretation on. But now I realise /tmp was a bad choice of a
location to run this since it's mounted nosuid... ;-)

Ok, I agree with this now then.
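An added example, not part of the original message: a uid test program of the kind described above that also checks whether its own filesystem is mounted nosuid, so an unprivileged geteuid() result is not misread. The names `path_is_nosuid` and `classify_suid` are hypothetical, and the program assumes it is started with an explicit path so that argv[0] can be passed to stat().

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the filesystem holding path is mounted nosuid, 0 if not, -1 on error. */
int path_is_nosuid(const char *path)
{
    struct statvfs vfs;
    if (statvfs(path, &vfs) != 0)
        return -1;
    return (vfs.f_flag & ST_NOSUID) ? 1 : 0;
}

/* Classify what the test binary observed.
 * mode/owner: st_mode and st_uid of the executable; euid: geteuid();
 * nosuid: result of path_is_nosuid().
 * Returns 0 = no set-user-ID bit, 1 = effective uid equals file owner,
 *         2 = bit ignored and mount is nosuid, 3 = bit ignored, cause unknown. */
int classify_suid(mode_t mode, uid_t owner, uid_t euid, int nosuid)
{
    if (!(mode & S_ISUID))
        return 0;
    if (euid == owner)
        return 1;
    return nosuid == 1 ? 2 : 3;
}

int main(int argc, char **argv)
{
    static const char *msg[] = {
        "no set-user-ID bit on file",
        "effective uid equals file owner",
        "set-user-ID bit ignored: filesystem is mounted nosuid",
        "set-user-ID bit ignored: cause unknown",
    };
    struct stat st;
    if (argc < 1 || stat(argv[0], &st) != 0) {
        perror("stat");
        return 1;
    }
    uid_t euid = geteuid();
    int r = classify_suid(st.st_mode, st.st_uid, euid, path_is_nosuid(argv[0]));
    printf("uid=%ld euid=%ld owner=%ld: %s\n",
           (long)getuid(), (long)euid, (long)st.st_uid, msg[r]);
    return 0;
}
```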

