Date: Tue, 3 Apr 2001 11:57:28 -0400
From: Garance A Drosihn <drosih@rpi.edu>
To: Joerg Wunsch <joerg_wunsch@interface-systems.de>, audit@FreeBSD.ORG
Subject: Re: security nit in lpr/common/common.c?
Message-ID: <p0510090db6efa3128767@[128.113.24.47]>
In-Reply-To: <20010403125825.C75920@ida.interface-business.de>
References: <20010403125825.C75920@ida.interface-business.de>

At 12:58 PM +0200 4/3/01, J Wunsch wrote:
>Shouldn't this be
>
>	while ((d = readdir(dirp)) != NULL) {
>		int i;
>
>		if (d->d_name[0] != 'c' || d->d_name[1] != 'f')
>			continue;	/* daemon control files only */
>		seteuid(euid);
>		i = stat(d->d_name, &stbuf);
>		seteuid(uid);
>		if (i < 0)
>			continue;	/* Doesn't exist */
>
>instead?

Yes, something like that would be more strictly correct.  I'll
change it.

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu