Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 5 Feb 1997 15:53:16 -0600 (CST)
From:      "Thomas H. Ptacek" <tqbf@enteract.com>
To:        karl@Mcs.Net (Karl Denninger)
Cc:        tqbf@enteract.com, freebsd-security@freebsd.org
Subject:   Re: While we're on the subject...
Message-ID:  <199702052153.PAA06787@enteract.com>
In-Reply-To: <199702052142.PAA15082@Jupiter.Mcs.Net> from "Karl Denninger" at Feb 5, 97 03:42:56 pm

next in thread | previous in thread | raw e-mail | index | archive | help
> If euid != uid, then you're running SUID *NOW*.
> If euid = 0, then you're running as root *NOW*.

Saved credentials. Processes that temporarily suspend privilege are just
as vulnerable as processes that maintain it. There's no good way to figure
out exactly what your credentials are from within libc. 

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"I'm standing alone, I'm watching you all, I'm seeing you sinking."




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702052153.PAA06787>