Date: Mon, 24 Mar 1997 08:22:46 -0700
From: Warner Losh <imp@village.org>
To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.ru>
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org
Subject: Re: cvs commit: src/lib/libc/stdtime localtime.c
Message-ID: <E0w9BaA-00057e-00@rover.village.org>
In-Reply-To: Your message of "Mon, 24 Mar 1997 16:28:41 +0300." <Pine.BSF.3.95q.970324162624.660E-100000@nagual.ru>
References: <Pine.BSF.3.95q.970324162624.660E-100000@nagual.ru>

In message <Pine.BSF.3.95q.970324162624.660E-100000@nagual.ru> =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= writes:
: You can't determine setuid without issetuid() syscall implementing, so
: this change gives only false sense of security. Privileges can be
: dropped before the moment you check them using getuid()/geteuid() and
: restored back to suid after your check, so your check gains nothing.

If privs are dropped, then my check is still valid. I think this is
acceptable. Since if the privs are dropped, the user is running normal,
there is no need for this check which just prevents people from reading
files they otherwise shouldn't be reading.

Warner
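
The drop-and-restore sequence described in the quoted text, as an added example that is not part of the original message or of the FreeBSD source. It uses a simplified credential model (struct cred, exec_setuid, model_seteuid and the uid values are assumptions of this example) to compare what a getuid()/geteuid() comparison reports with what an exec-time flag would report.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a process's user credentials (assumption of this
 * example; a real kernel tracks more state than this). */
struct cred {
    unsigned ruid;    /* real uid: who started the program */
    unsigned euid;    /* effective uid: used for permission checks */
    unsigned svuid;   /* saved uid: copied from euid at exec of a setuid file */
    bool     tainted; /* set once at exec; later uid changes never clear it */
};

/* Credentials right after exec of a setuid file owned by `owner`. */
struct cred exec_setuid(unsigned invoker, unsigned owner) {
    struct cred c = { invoker, owner, owner, invoker != owner };
    return c;
}

/* Model of seteuid(): a non-root caller may only switch the effective uid
 * to its real uid or its saved uid. */
int model_seteuid(struct cred *c, unsigned uid) {
    if (c->euid != 0 && uid != c->ruid && uid != c->svuid)
        return -1;
    c->euid = uid;
    return 0;
}

/* The check under discussion: compare getuid() with geteuid(). */
bool uid_compare_says_setuid(const struct cred *c) { return c->ruid != c->euid; }

/* What an exec-time flag (the issetuid() idea in the quoted text) reports. */
bool flag_says_setuid(const struct cred *c) { return c->tainted; }

static void show(const char *when, const struct cred *c) {
    printf("%-14s compare=%d flag=%d\n", when,
           uid_compare_says_setuid(c), flag_says_setuid(c));
}

int main(void) {
    struct cred c = exec_setuid(1001, 0);  /* constructed uids */
    show("at start:", &c);
    model_seteuid(&c, c.ruid);             /* temporary drop: euid = ruid */
    show("after drop:", &c);               /* comparison now sees equal uids */
    model_seteuid(&c, c.svuid);            /* restore from the saved uid */
    show("after restore:", &c);
    return 0;
}
```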