From owner-freebsd-audit  Tue Apr  3  8:57:41 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40])
	by hub.freebsd.org (Postfix) with ESMTP id CA3D437B722
	for <audit@FreeBSD.ORG>; Tue,  3 Apr 2001 08:57:38 -0700 (PDT)
	(envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id LAA37866;
	Tue, 3 Apr 2001 11:57:29 -0400
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id: <p0510090db6efa3128767@[128.113.24.47]>
In-Reply-To: <20010403125825.C75920@ida.interface-business.de>
References: <20010403125825.C75920@ida.interface-business.de>
Date: Tue, 3 Apr 2001 11:57:28 -0400
To: Joerg Wunsch <joerg_wunsch@interface-systems.de>,
	audit@FreeBSD.ORG
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: security nit in lpr/common/common.c?
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 12:58 PM +0200 4/3/01, J Wunsch wrote:
>Shouldn't this be
>
>	while ((d = readdir(dirp)) != NULL) {
>		int i;
>
>		if (d->d_name[0] != 'c' || d->d_name[1] != 'f')
>			continue;	/* daemon control files only */
>		seteuid(euid);
>		i = stat(d->d_name, &stbuf);
>		seteuid(uid);
>		if (i < 0)
>			continue;	/* Doesn't exist */
>
>instead?

Yes, something like that would be more strictly correct.  I'll
change it.


-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message