Yes you are. Remember that one of the most common ways of subverting
Unix systems is by making setuid programs and daemons do things they
were not intended to do. Here we're making a safe setuid program
unsafe because we've changed the meaning of read() from underneath it.
> The "setuid(getuid())" baffles me as well. If you had the extra
> privilege, you could have just exploited that fact without changing
> resetting the uid... And there is no such thing, really, as a
> "privileged portion of the program", either the whole program is
> setuid, or none of it is.
Bogus! It is *very* common for setuid programs to drop permissions in
order to access the filesystem or perform another operation (such as
exec()) as an unprivileged user. In this case, the hazard comes from
the "access the filesystem as an unprivileged user" operation.
-hpa
-- 
PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD 1E DF FE 69 EE 35 BD 74
See http://www.zytor.com/~hpa/ for web page and full PGP public key
Always looking for a few good BOsFH.  ** Linux - the OS of global cooperation
I am Baha'i -- ask me about it or see http://www.bahai.org/
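The privilege-dropping pattern discussed in this message (a setuid program calling setuid(getuid()) before touching the filesystem as the invoking user), as an added example that is not part of the original thread or anyone's code in it. It assumes a Linux/POSIX system; the function names drop_privileges_permanently and privileges_are_dropped are my own. The point a defender wants is the second function: do not trust that the drop happened, verify it by checking that the effective uid matches the real uid and that an attempt to regain a root effective uid is refused.

```c
/* Added example, not code from the original thread.
 * Permanently drop the privileges of a setuid program and then verify
 * that they are really gone (Linux/POSIX assumptions). */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to the real uid/gid of the invoking user.
 * Returns 0 on success, -1 if any step failed (the caller must then
 * abort rather than continue with unknown privileges). */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Supplementary groups can only be cleared by a privileged process;
     * an unprivileged invocation has nothing to clear. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;

    /* Group before user: once the uid is dropped, setgid() would be refused. */
    if (setgid(rgid) != 0)
        return -1;

    /* With a privileged euid, setuid() sets real, effective and saved uid,
     * so the drop is permanent (unlike seteuid(), which is reversible). */
    if (setuid(ruid) != 0)
        return -1;

    return 0;
}

/* Verify the drop instead of assuming it.
 * Returns 1 if the effective uid equals the real uid and root privileges
 * cannot be regained, 0 otherwise. */
int privileges_are_dropped(void)
{
    if (geteuid() != getuid())
        return 0;

    /* Invoked by root itself: there was nothing to drop. */
    if (getuid() == 0)
        return 1;

    /* Probe: if euid 0 can be regained, the saved uid is still privileged,
     * i.e. the "drop" was only temporary. Undo the probe and report failure. */
    if (seteuid(0) == 0) {
        seteuid(getuid());
        return 0;
    }
    return errno == EPERM;
}

int main(void)
{
    if (drop_privileges_permanently() != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("privileges dropped and verified: %s\n",
           privileges_are_dropped() ? "yes" : "NO");
    return privileges_are_dropped() ? 0 : 1;
}
```

Run as an ordinary user it simply confirms the invariant; installed setuid-root it exercises the real drop. The probe in privileges_are_dropped is what distinguishes a permanent drop from a temporary one: a program that used seteuid(getuid()) instead of setuid(getuid()) would pass the first check but fail the second, because its saved uid is still root.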