Date: Tue, 14 Mar 1995 08:39:58 +0100 (MET) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-hackers@FreeBSD.org (FreeBSD hackers) Subject: Re: permissions for route(8) Message-ID: <199503140739.IAA01455@uriah.heep.sax.de> In-Reply-To: <9503132253.AA04660@blaise.ibp.fr> from "Ollivier Robert" at Mar 13, 95 11:53:20 pm
next in thread | previous in thread | raw e-mail | index | archive | help
As Ollivier Robert wrote: > > > Shouldn't that be ``uid = geteuid()'' instead? (Okay, my script could > > use a setuid, but there's no point in evaluating the real UID then.) > > lpc(8) has the same bug/feature : While i think this is of less importance for lpc(8) (since this is rather unlikely to run from a script?), it does not make sense to check for the real UID at all. A process with an effective UID of 0 is always able to switch its real UID, too. What do other people think? Should the check be changed to cover the EUID only? -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199503140739.IAA01455>