Date: Mon, 1 Oct 2012 12:58:41 +0200 From: Erik Cederstrand <erik@cederstrand.dk> To: Konstantin Belousov <kostikbel@gmail.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: Opinion on checking return value of setuid(getuid())? Message-ID: <F81C009D-F993-4398-B377-D0B4A0ABA7E3@cederstrand.dk> In-Reply-To: <20121001104901.GJ35915@deviant.kiev.zoral.com.ua> References: <9DD86238-51C8-4F38-B7EB-BD773039888B@cederstrand.dk> <20121001104901.GJ35915@deviant.kiev.zoral.com.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Den 01/10/2012 kl. 12.49 skrev Konstantin Belousov = <kostikbel@gmail.com>: > setuid() might also fail for other reasons, e.g. due to custom MAC = module. >=20 > In case of ping, does the failure of dropping the suid bit is = important ? I believe it is. If 'setuid()' fails then 'uid' becomes 0 and it's = possible e.g. to do a "Flood ping". Erik=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F81C009D-F993-4398-B377-D0B4A0ABA7E3>