Opinion on checking return value of setuid(getuid())?

Xin Li delphij at delphij.net
Tue Oct 2 21:44:05 UTC 2012


On 10/02/12 07:45, Eitan Adler wrote:
> On 2 October 2012 08:38, Erik Cederstrand <erik at cederstrand.dk>
> wrote:
>> On 01/10/2012 at 13.55, Eitan Adler
>> <lists at eitanadler.com> wrote:
>> 
>>> On 1 October 2012 07:08, Konstantin Belousov
>>> <kostikbel at gmail.com> wrote:
>>>> I do not believe in the dreadful 'flood ping' security
>>>> breach. Is a local escalation possible with non-dropped
>>>> root?
>>> 
>>> It is clearly a local escalation: a non-root user can do
>>> something which was intended only for root. It is a different
>>> question how serious the breach is.
>> 
>> Are there any objections to the patch I attached in my first post?
>> To the approach in general? If not, I'll send a PR so it doesn't
>> get lost.
> Not by me. Please cc me on the PR as I'll commit if no one else
> objects.

It doesn't seem to hurt in general but if you are going to commit it
please also change the other instances in the base system.

I personally don't think this is useful either -- the case does not
apply to FreeBSD and it seems that the Linux implementation is
actually a POSIX violation as setuid() is not permitted to return ENOMEM.

Cheers,
-- 
Xin LI <delphij at delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
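
A checked privilege drop of the kind this thread debates, as an added example that is not part of the original message or of the patch under discussion. The names `drop_to_real_uid`, `setuid_fn` and `failing_setuid` are hypothetical, and the ENOMEM failure is simulated with a constructed stub rather than produced by a real kernel.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Same signature as setuid(2); passed in so a failing call can be simulated. */
typedef int (*setuid_fn)(uid_t);

/*
 * Permanently drop to the real UID. Returns 0 only if the call succeeded
 * AND the effective UID now equals the real UID; otherwise returns -1 and
 * the caller must stop instead of running on with elevated privileges.
 */
int drop_to_real_uid(setuid_fn do_setuid)
{
    uid_t ruid = getuid();

    if (do_setuid(ruid) != 0)
        return -1;                  /* errno was set by the setuid call */
    if (geteuid() != ruid) {        /* verify the result, not just the rc */
        errno = EPERM;
        return -1;
    }
    /* A non-root real UID must not be able to switch back to root. */
    if (ruid != 0 && seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Constructed stand-in for a setuid() that fails with ENOMEM. */
int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = ENOMEM;
    return -1;
}

int main(void)
{
    if (drop_to_real_uid(setuid) != 0) {
        perror("setuid");
        return 1;                   /* fail closed */
    }
    printf("running as uid %ld\n", (long)getuid());
    return 0;
}
```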

