Date:      Mon, 24 Mar 1997 19:20:42 +0300 (MSK)
From:      =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.ru>
To:        Warner Losh <imp@village.org>
Cc:        CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org
Subject:   Re: cvs commit: src/lib/libc/stdtime localtime.c 
Message-ID:  <Pine.BSF.3.95q.970324191537.2099B-100000@nagual.ru>
In-Reply-To: <E0w9BaA-00057e-00@rover.village.org>

On Mon, 24 Mar 1997, Warner Losh wrote:

> In message <Pine.BSF.3.95q.970324162624.660E-100000@nagual.ru> =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= writes:
> : You can't determine setuid without implementing the issetuid() syscall, so
> : this change gives only a false sense of security. Privileges can be
> : dropped before the moment you check them using getuid()/geteuid() and
> : restored back to suid after your check, so your check gains nothing.
> 
> If privs are dropped, then my check is still valid.  I think this is
> acceptable.  Since if the privs are dropped, the user is running
> normal, there is no need for this check which just prevents people
> from reading files they otherwise shouldn't be reading.

It is what I call a false sense of security.
This example shows a thing you can't bypass without issetuid():

privs initially on
privs off (by program)
(your check shows nothing and allows some flexibility)
intruder writes some nasty code to the stack
privs on (by program)
He got privileges!

There are many programs which fall into that category.

-- 
Andrey A. Chernov
<ache@null.net>
http://www.nagual.ru/~ache/
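
The timeline in the message, as an added example (not code from the thread or from FreeBSD): a simplified C model of real, effective and saved user IDs showing that a getuid()/geteuid() comparison reports nothing while privileges are temporarily dropped, although the saved ID still lets the program switch them back on. The struct, the function names and the exec-time flag standing in for issetuid() are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a process's user credentials (constructed for this example). */
struct cred {
    unsigned ruid, euid, svuid; /* real, effective, saved set-user-ID */
    bool exec_tainted;          /* hypothetical sticky flag recorded at exec time */
};

/* Credentials after `user` executes a set-user-ID binary owned by `owner`. */
static struct cred exec_setuid(unsigned user, unsigned owner) {
    struct cred c = { user, owner, owner, user != owner };
    return c;
}

/* Models seteuid(): a non-root caller may only switch to its real or saved ID. */
static bool model_seteuid(struct cred *c, unsigned uid) {
    if (c->euid != 0 && uid != c->ruid && uid != c->svuid)
        return false;
    c->euid = uid;
    return true;
}

/* The check under discussion: compares only the real and effective IDs. */
static bool looks_setuid_by_ids(const struct cred *c) { return c->ruid != c->euid; }

/* The check the message asks for: a flag set at exec that later switches cannot clear. */
static bool looks_setuid_by_flag(const struct cred *c) { return c->exec_tainted; }

/* Runs both checks at the "privs off" point; bit 1 = ID check, bit 0 = flag check. */
static int checks_while_dropped(unsigned user, unsigned owner) {
    struct cred c = exec_setuid(user, owner);  /* privs initially on */
    model_seteuid(&c, c.ruid);                 /* privs off (by program) */
    return (looks_setuid_by_ids(&c) << 1) | looks_setuid_by_flag(&c);
}

/* True if the program can turn privileges back on after the temporary drop. */
static bool can_regain(unsigned user, unsigned owner) {
    struct cred c = exec_setuid(user, owner);
    model_seteuid(&c, c.ruid);
    return model_seteuid(&c, c.svuid) && c.euid == owner;
}

int main(void) {
    int r = checks_while_dropped(1001, 0);     /* constructed IDs: user 1001, owner root */
    printf("while dropped: id check=%d flag check=%d regain=%d\n",
           (r >> 1) & 1, r & 1, can_regain(1001, 0));
    return 0;
}
```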



