Date: Wed, 05 Feb 1997 14:23:09 -0800
From: David Greenman <dg@root.com>
To: Karl Denninger <karl@Mcs.Net>
Cc: tqbf@enteract.com, freebsd-security@freebsd.org
Subject: Re: While we're on the subject...
Message-ID: <199702052223.OAA11687@root.com>
In-Reply-To: Your message of "Wed, 05 Feb 1997 15:42:56 CST." <199702052142.PAA15082@Jupiter.Mcs.Net>

>> What's holding FreeBSD up on supporting issetugid()?
>>
>> ----------------
>> Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
>> ----------------
>> "I'm standing alone, I'm watching you all, I'm seeing you sinking."
>
>If euid != uid, then you're running SUID *NOW*.
>If euid = 0, then you're running as root *NOW*.
>
>Why does it matter what you might have been sometime before? The issue is
>what you are running as at the time the call is made, no?

Programs that were once privileged might have read sensitive information
into memory which could possibly be read out if some hole were exploited.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
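
The two checks discussed in this exchange, side by side, as an added example that is not part of the original message or FreeBSD source. The function names are hypothetical, and using getauxval(AT_SECURE) as the nearest Linux analogue of issetugid() is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(AT_SECURE) */
#endif

enum trust { TRUST_CLEAN, TRUST_PRIVILEGED_NOW, TRUST_TAINTED };

/* The check from the quoted question: compares the IDs as they are now. */
int ids_differ_now(void) {
    return geteuid() != getuid() || getegid() != getgid();
}

/* History-aware check: did this process image start out set-id? */
int started_privileged(void) {
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    return issetugid() != 0;
#elif defined(__linux__)
    return getauxval(AT_SECURE) != 0;   /* assumed nearest Linux analogue */
#else
    return 1;                           /* unknown platform: fail closed */
#endif
}

/* Pure policy, so every case can be exercised without a set-id binary. */
enum trust classify(int differ_now, int tainted) {
    if (differ_now) return TRUST_PRIVILEGED_NOW;
    if (tainted)    return TRUST_TAINTED;   /* IDs match, memory may still hold secrets */
    return TRUST_CLEAN;
}

/* Library-style getenv (hypothetical helper): ignores caller-controlled
 * environment unless the process is clean under both checks. */
const char *trusted_getenv(const char *name) {
    if (classify(ids_differ_now(), started_privileged()) != TRUST_CLEAN)
        return NULL;
    return getenv(name);
}

int main(void) {
    static const char *label[] = { "clean", "privileged now", "tainted" };
    printf("%s\n", label[classify(ids_differ_now(), started_privileged())]);
    return 0;
}
```

The TRUST_TAINTED case is the one the euid/uid comparison cannot see: a set-id program that has already dropped back to the caller's IDs.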