[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: arbitrary IDs with available UID 0?
From: |
Thomas Bushnell, BSG |
Subject: |
Re: arbitrary IDs with available UID 0? |
Date: |
08 Nov 2002 11:20:00 -0800 |
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 |
Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:
> The doc says that you are allowed to create auth objects associated with any
> IDs if you have euid 0, and the code actually allows it even if only auid 0.
>
> (Because isroot() uses isuid() and isuid() allows both).
>
> Is the code wrong or the documentation? I think we should fix the code.
It seems to me that it's much cleaner to fix the code, so that auids
are really *not* used for anything.