[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: arbitrary IDs with available UID 0?
From: |
Roland McGrath |
Subject: |
Re: arbitrary IDs with available UID 0? |
Date: |
Fri, 8 Nov 2002 13:57:45 -0500 (EST) |
> The doc says that you are allowed to create auth objects associated with any
> IDs if you have euid 0, and the code actually allows it even if only auid 0.
>
> (Because isroot() uses isuid() and isuid() allows both).
I think it needs to be fixed. In POSIX.1, seteuid(123) should not work if
your euid!=0 and your ruid==0 (and 123 is some unrelated uid).