From owner-cvs-lib Mon Mar 24 09:10:56 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA18717 for cvs-lib-outgoing; Mon, 24 Mar 1997 09:10:56 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id JAA18479; Mon, 24 Mar 1997 09:07:49 -0800 (PST)
Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0w9DDd-0005Ii-00; Mon, 24 Mar 1997 10:07:37 -0700
To: Андрей Чернов
Subject: Re: cvs commit: src/lib/libc/stdtime localtime.c
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org
In-reply-to: Your message of "Mon, 24 Mar 1997 19:20:42 +0300."
References:
Date: Mon, 24 Mar 1997 10:07:36 -0700
From: Warner Losh
Message-Id:
Sender: owner-cvs-lib@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In message Андрей Чернов writes:
: privs initially on
: privs off (by program)
: (your check shows nothing and allows some flexibility)
: intruder writes some nasty code to the stack
: privs on (by program)
: He got privileges!

Yes. I understand this. This particular change however is just for what files are opened, rather than to guard against buffer overflows. I also understand that others of my patches are vulnerable to this too, but at least some of the holes are closed, and the code is well marked for when I see issetugid() goes into the kernel. There is no false sense of security, because I know the problem isn't completely solved :-).

Warner
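
The sequence quoted in this message, as an added C example that is not part of the original e-mail or of the FreeBSD sources: a constructed credential model shows why a check that compares real and effective ids reports nothing after "privs off", while a sticky issetugid()-style flag still marks the process. The struct, the uid values, the sample file name and the file-name policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a set-uid process; not kernel or libc code. */
struct creds { unsigned ruid, euid, svuid; int tainted; /* sticky flag, as issetugid() reports */ };
static void privs_off(struct creds *c) { c->euid = c->ruid; }   /* "privs off (by program)" */
static void privs_on(struct creds *c)  { c->euid = c->svuid; }  /* "privs on (by program)" */

/* Id comparison: blind once the program has dropped its effective uid. */
static int uid_compare_privileged(const struct creds *c) { return c->ruid != c->euid; }
/* issetugid()-style check: not changed by later seteuid() calls. */
static int taint_privileged(const struct creds *c) { return c->tainted; }

/* Assumed policy: a privileged process accepts only relative names without ".." components. */
static int tz_name_allowed(const char *name, int privileged) {
    if (name == NULL || *name == '\0') return 0;
    if (!privileged) return 1;
    if (name[0] == '/') return 0;
    for (const char *p = name; *p != '\0'; ) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') return 0;
        p += n + (p[n] == '/');          /* skip the component and one slash */
    }
    return 1;
}

/* Run the quoted sequence up to "privs off", then apply one of the checks. */
static int accepted_after_drop(const char *name, int use_taint) {
    struct creds c = { 1001, 0, 0, 1 };  /* constructed: set-uid-root binary run by uid 1001 */
    privs_off(&c);
    int priv = use_taint ? taint_privileged(&c) : uid_compare_privileged(&c);
    return tz_name_allowed(name, priv);
}

/* The saved uid survives the drop, so "privs on" restores euid 0. */
static unsigned euid_after_regain(void) {
    struct creds c = { 1001, 0, 0, 1 };
    privs_off(&c); privs_on(&c);
    return c.euid;
}

int main(void) {
    const char *name = "/tmp/constructed-zonefile";  /* constructed sample name */
    printf("uid compare accepts: %d\n", accepted_after_drop(name, 0));
    printf("taint flag accepts:  %d\n", accepted_after_drop(name, 1));
    printf("euid after regain:   %u\n", euid_after_regain());
    return 0;
}
```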