Re: issetugid [deraadt@CVS.OPENBSD.ORG]

Alan Cox (alan@lxorguk.ukuu.org.uk)
Sun, 12 Jul 1998 16:42:45 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andi Kleen: "Re: Strange interrupt behaviour"
Previous message: Alan Cox: "Re: Linus Speaks About KDE-Bashing"

> environment, and how FreeBSD addresses this issue. I think that
> keeping this kind of info in the kernel is a Great Idea [tm]:

This has been discussed for a while on the security-audit list. There
is a problem with knowing if a program was setuid. A whole syscall is
not the answer however.

> > Here's the code snippet in tzload() that matters:
> >
> > if (name != NULL && issetugid() != 0)
> > if ((name[0] == ':' && name[1] == '/') ||
> > name[0] == '/' || strchr(name, '.'))
> > name = NULL;

Which is buggy as I pointed out to Theo.

Whats been proposed on the security-audit list is to have the notion
of a "not tainted" capability in 2.1.x. (Its a "not..." because of
the fact you can lose capabilities but not gain them)

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Andi Kleen: "Re: Strange interrupt behaviour"
Previous message: Alan Cox: "Re: Linus Speaks About KDE-Bashing"