From owner-freebsd-security@FreeBSD.ORG  Tue Oct  2 12:38:22 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 49367106564A
	for <freebsd-security@freebsd.org>;
	Tue,  2 Oct 2012 12:38:22 +0000 (UTC)
	(envelope-from erik@cederstrand.dk)
Received: from csmtp3.one.com (csmtp3.one.com [91.198.169.23])
	by mx1.freebsd.org (Postfix) with ESMTP id 05BD68FC0A
	for <freebsd-security@freebsd.org>;
	Tue,  2 Oct 2012 12:38:21 +0000 (UTC)
Received: from [192.168.1.18] (unknown [217.157.7.221])
	by csmtp3.one.com (Postfix) with ESMTPA id E673024004A8;
	Tue,  2 Oct 2012 12:38:14 +0000 (UTC)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.0 \(1486\))
From: Erik Cederstrand <erik@cederstrand.dk>
In-Reply-To: <CAF6rxgmKWfefr5tvM3-0PQM3EKWockkb8A4sCiyYekxs5b4fGA@mail.gmail.com>
Date: Tue, 2 Oct 2012 14:38:17 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <ECC8690A-9B5D-41FB-BF1D-CC170147BEEC@cederstrand.dk>
References: <9DD86238-51C8-4F38-B7EB-BD773039888B@cederstrand.dk>
	<20121001104901.GJ35915@deviant.kiev.zoral.com.ua>
	<F81C009D-F993-4398-B377-D0B4A0ABA7E3@cederstrand.dk>
	<20121001110805.GL35915@deviant.kiev.zoral.com.ua>
	<CAF6rxgmKWfefr5tvM3-0PQM3EKWockkb8A4sCiyYekxs5b4fGA@mail.gmail.com>
To: Eitan Adler <lists@eitanadler.com>
X-Mailer: Apple Mail (2.1486)
Cc: Konstantin Belousov <kostikbel@gmail.com>,
	"freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: Opinion on checking return value of setuid(getuid())?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2012 12:38:22 -0000

Den 01/10/2012 kl. 13.55 skrev Eitan Adler <lists@eitanadler.com>:

> On 1 October 2012 07:08, Konstantin Belousov <kostikbel@gmail.com> =
wrote:
>> I do not believe in the dreadful 'flood ping' security breach. Is a
>> local escalation possible with non-dropped root ?
>=20
> It is clearly a local escalation: a non-root user can do something
> which was intended only for root. It is a different question how
> serious the breach is.

Are there any objections to the path I attached in my first post? To the =
approach in general? If not, I'll send a PR so it doesn't get lost.

Thanks,
Erik=