Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 1 Oct 2012 13:39:33 +0200
From:      Erik Cederstrand <erik@cederstrand.dk>
To:        Konstantin Belousov <kostikbel@gmail.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: Opinion on checking return value of setuid(getuid())?
Message-ID:  <2E17A82C-16D8-4DCD-86F0-93C28C5C4257@cederstrand.dk>
In-Reply-To: <20121001110805.GL35915@deviant.kiev.zoral.com.ua>
References:  <9DD86238-51C8-4F38-B7EB-BD773039888B@cederstrand.dk> <20121001104901.GJ35915@deviant.kiev.zoral.com.ua> <F81C009D-F993-4398-B377-D0B4A0ABA7E3@cederstrand.dk> <20121001110805.GL35915@deviant.kiev.zoral.com.ua>

next in thread | previous in thread | raw e-mail | index | archive | help
Den 01/10/2012 kl. 13.08 skrev Konstantin Belousov =
<kostikbel@gmail.com>:
>=20
> I do not believe in the dreadful 'flood ping' security breach. Is a
> local escalation possible with non-dropped root ?

No idea. Reading the code, I see some functionality the author decided =
should only be accessible to root users. There's 600 lines of code left =
in main() and I'm not skilled enough to see if there are any potential =
exploits left.

If it's not a security breach then I'm on the wrong list, but I guess it =
still leads to unintended behavior if setuid() fails?

Erik=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2E17A82C-16D8-4DCD-86F0-93C28C5C4257>