Date: Mon, 27 Nov 1995 12:14:19 -0600 (CST) From: Guy Helmer <ghelmer@alpha.dsu.edu> To: Charles Henrich <henrich@crh.cl.msu.edu> Cc: freebsd-hackers@FreeBSD.org Subject: Re: Security bug? Message-ID: <Pine.OSF.3.91.951127121022.1480A-100000@alpha.dsu.edu> In-Reply-To: <199511270130.UAA01244@crh.cl.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 26 Nov 1995, Charles Henrich wrote: > I am attempting to track down this bug, and Its driving me crazy. I have > modified the NCSA web server to change its uid to whomever is authenticating to > it. If the person authenticating is root, I force a change ownership to a > different uid via setuid() seteuid() setgid() and setegid() calls. The > problem, is after all the set[ug]* calls, I am still able to execute programs > that I shouldnt even be able to read! Have you looked at setgroups(2)? Your program probably still has the wrong group(s) in the group access list. > [...] > In any case, if any of you have made it this far, any ideas? > > -Crh > Charles Henrich Michigan State University henrich@crh.cl.msu.edu Hope this helps, Guy Helmer Guy Helmer, Dakota State University Computing Services - ghelmer@alpha.dsu.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.3.91.951127121022.1480A-100000>