Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 3 Apr 2001 11:57:28 -0400
From:      Garance A Drosihn <drosih@rpi.edu>
To:        Joerg Wunsch <joerg_wunsch@interface-systems.de>, audit@FreeBSD.ORG
Subject:   Re: security nit in lpr/common/common.c?
Message-ID:  <p0510090db6efa3128767@[128.113.24.47]>
In-Reply-To: <20010403125825.C75920@ida.interface-business.de>
References:  <20010403125825.C75920@ida.interface-business.de>

next in thread | previous in thread | raw e-mail | index | archive | help
At 12:58 PM +0200 4/3/01, J Wunsch wrote:
>Shouldn't this be
>
>	while ((d = readdir(dirp)) != NULL) {
>		int i;
>
>		if (d->d_name[0] != 'c' || d->d_name[1] != 'f')
>			continue;	/* daemon control files only */
>		seteuid(euid);
>		i = stat(d->d_name, &stbuf);
>		seteuid(uid);
>		if (i < 0)
>			continue;	/* Doesn't exist */
>
>instead?

Yes, something like that would be more strictly correct.  I'll
change it.


-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p0510090db6efa3128767>