From: Erik Cederstrand
To: Konstantin Belousov
Cc: "freebsd-security@freebsd.org"
Subject: Re: Opinion on checking return value of setuid(getuid())?
Date: Mon, 1 Oct 2012 12:58:41 +0200
In-Reply-To: <20121001104901.GJ35915@deviant.kiev.zoral.com.ua>

On 01/10/2012 at 12.49, Konstantin Belousov wrote:

> setuid() might also fail for other reasons, e.g. due to custom MAC module.
>
> In case of ping, is the failure of dropping the suid bit important?

I believe it is. If 'setuid()' fails then 'uid' becomes 0 and it's possible e.g. to do a "Flood ping".

Erik
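
A checked privilege drop of the kind this thread is asking about, as an added example that is not part of the original message and is not FreeBSD's ping source. The helper name drop_to_real_uid() is hypothetical; the caller refuses to continue if the drop fails or cannot be verified.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently drop to the real uid.
 * Returns 0 only if the drop succeeded and was verified, -1 otherwise. */
int drop_to_real_uid(void)
{
    uid_t ruid = getuid();

    /* setuid() can fail (the thread mentions a custom MAC module);
     * an unchecked failure leaves the effective uid unchanged. */
    if (setuid(ruid) != 0) {
        fprintf(stderr, "setuid(%ld): %s\n", (long)ruid, strerror(errno));
        return -1;
    }

    /* Verify the resulting ids instead of trusting the return value alone. */
    if (getuid() != ruid || geteuid() != ruid)
        return -1;

    /* For an unprivileged invoker, regaining uid 0 must now be refused.
     * If it succeeds, the drop was not permanent: report failure. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;

    return 0;
}

int main(void)
{
    /* A setuid-root tool would acquire its privileged resource here
     * (for example a raw socket) before dropping privileges. */

    if (drop_to_real_uid() != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to continue\n");
        return EXIT_FAILURE;
    }

    /* From here on the process runs with the invoking user's ids only. */
    printf("running as uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return EXIT_SUCCESS;
}
```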