From owner-freebsd-security Mon Nov 1 14:39:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id DCE6614F95 for ; Mon, 1 Nov 1999 14:39:35 -0800 (PST) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.3/frmug-2.5/nospam) with UUCP id XAA03318 for freebsd-security@FreeBSD.ORG; Mon, 1 Nov 1999 23:39:34 +0100 (CET) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (Postfix, from userid 101) id CFD28878D; Mon, 1 Nov 1999 20:40:06 +0100 (CET) Date: Mon, 1 Nov 1999 20:40:06 +0100 From: Ollivier Robert To: freebsd-security@FreeBSD.ORG Subject: Re: Examining FBSD set[ug]ids and their use Message-ID: <19991101204006.B39857@keltia.freenix.fr> Mail-Followup-To: freebsd-security@FreeBSD.ORG References: <14364.64172.638014.558487@anarcat.dyndns.org> <19991101173955.L72085@bitbox.follo.net> <14365.50723.872972.30971@anarcat.dyndns.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/1.0pre2i In-Reply-To: <14365.50723.872972.30971@anarcat.dyndns.org> X-Operating-System: FreeBSD 4.0-CURRENT/ELF AMD-K6/200 & 2x PPro/200 SMP Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org According to Spidey: > Yes. I found very surprising that xlock would _need_ to be setuid... You can't get the password of any user if your euid is not 0. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #74: Thu Sep 9 00:20:51 CEST 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message