Date: Tue, 2 Oct 2012 23:56:46 +0200
From: Erik Cederstrand <erik@cederstrand.dk>
To: d@delphij.net
Cc: Konstantin Belousov <kostikbel@gmail.com>, Eitan Adler <lists@eitanadler.com>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: Opinion on checking return value of setuid(getuid())?
Message-ID: <87FA4CBA-001F-4C92-8B92-D650A9678864@cederstrand.dk>
In-Reply-To: <506B6024.8050908@delphij.net>
References: <9DD86238-51C8-4F38-B7EB-BD773039888B@cederstrand.dk> <20121001104901.GJ35915@deviant.kiev.zoral.com.ua> <F81C009D-F993-4398-B377-D0B4A0ABA7E3@cederstrand.dk> <20121001110805.GL35915@deviant.kiev.zoral.com.ua> <CAF6rxgmKWfefr5tvM3-0PQM3EKWockkb8A4sCiyYekxs5b4fGA@mail.gmail.com> <ECC8690A-9B5D-41FB-BF1D-CC170147BEEC@cederstrand.dk> <CAF6rxgnkLcoL4eAbKxC=-OY=G9O--TLYT8C2xEtu1u7yrNUD5A@mail.gmail.com> <506B6024.8050908@delphij.net>
On 02/10/2012 at 23.44, Xin Li <delphij@delphij.net> wrote:

> On 10/02/12 07:45, Eitan Adler wrote:
>> On 2 October 2012 08:38, Erik Cederstrand <erik@cederstrand.dk> wrote:
>>> On 01/10/2012 at 13.55, Eitan Adler <lists@eitanadler.com> wrote:
>>>
>>>> On 1 October 2012 07:08, Konstantin Belousov <kostikbel@gmail.com> wrote:
>>>>> I do not believe in the dreadful 'flood ping' security breach. Is a local escalation possible with non-dropped root?
>>>>
>>>> It is clearly a local escalation: a non-root user can do something which was intended only for root. It is a different question how serious the breach is.
>>>
>>> Are there any objections to the patch I attached in my first post? To the approach in general? If not, I'll send a PR so it doesn't get lost.
>> Not by me. Please cc me on the PR as I'll commit if no one else objects.
>
> It doesn't seem to hurt in general, but if you are going to commit it please also change the other instances in the base system.

I'll do my best. There are around 200 of these in base, but some are the result of macro expansion so it may not be too bad.

Erik
