mailing list archives
Re: Potential security problem with mtr
From: viktor () DTEK CHALMERS SE (Viktor Fougstedt)
Date: Fri, 3 Mar 2000 21:26:37 +0100
On Fri, 3 Mar 2000, LaMont Jones wrote:
Since the saved uid survives across fork() and exec(), any buffer
overrun or similar bug in mtr is just as bad as if mtr had never done
the seteuid() at all.
Saved-uid should get dropped on exec(), shouldn't it?
I stand corrected. Saved uid is set to the effective uid on
exec. Makes it harder to do nasty stuff with it.
--| Viktor Fougstedt, system administrator at dtek.chalmers.se |--
--| http://www.dtek.chalmers.se/~viktor/ |--
--| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--