I found more occurences of unchecked values for set*id() functions in other
inetutils programs: ftpd, rcp.
It has different security impact if it can be triggered:
* rcp: local privilege escalation to the user running the binary
* ftpd: undefined behaviour without privilege escalation as all
Hi,
Several setuid(), setgid(), seteuid() and setguid() return values are not
checked in rlogin/rsh/rshd/uucpd code:
rlogin.c:
647 /* Now change to the real user ID. We have to be set-user-ID root
648 to get the privileged port that rcmd () uses. We now want,
however,
649