On Jul 13, 2007, at 3:36 PM, Mathieu Bouchard wrote: > On Thu, 12 Jul 2007, Hans-Christoph Steiner wrote: >> This is only possible if you are running Pd as root, which is >> general is not a good idea. If Pd is running as a different user, >> then you wouldn't be able to gain root access. > > We are *only* talking about setuid (chmod +s) and not starting pd > from a root login. > > If pd is running as user "eighthave" but with setuid "root", pd is > dropping priviledges to be effectively just "eighthave", but does > it the wrong way, causing it to be able to regain effective "root" > later. > > I reported this bug last november: > > http://lists.puredata.info/pipermail/pd-dev/2006-11/007910.html > > I have fixed that bug in devel_0_39 on 2006.11.23.
Sorry, I didn't see the part that it was just related to setuid. It would be very nice to have this bug fix as a patch in the tracker so that it can be included in pd-vanilla and pd-extended. .hc > > _ _ __ ___ _____ ________ _____________ _____________________ ... > | Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC Canada ------------------------------------------------------------------------ ---- Access to computers should be unlimited and total. - the hacker ethic _______________________________________________ [email protected] mailing list UNSUBSCRIBE and account-management -> http://lists.puredata.info/listinfo/pd-list
