[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: arbitrary IDs with available UID 0?

From: Roland McGrath
Subject: Re: arbitrary IDs with available UID 0?
Date: Fri, 8 Nov 2002 13:57:45 -0500 (EST)

> The doc says that you are allowed to create auth objects associated with any
> IDs if you have euid 0, and the code actually allows it even if only auid 0.
> (Because isroot() uses isuid() and isuid() allows both).

I think it needs to be fixed.  In POSIX.1, seteuid(123) should not work if
your euid!=0 and your ruid==0 (and 123 is some unrelated uid).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]