Re: arbitrary IDs with available UID 0?

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: arbitrary IDs with available UID 0?

From:	Roland McGrath
Subject:	Re: arbitrary IDs with available UID 0?
Date:	Fri, 8 Nov 2002 13:57:45 -0500 (EST)

> The doc says that you are allowed to create auth objects associated with any
> IDs if you have euid 0, and the code actually allows it even if only auid 0.
> 
> (Because isroot() uses isuid() and isuid() allows both).

I think it needs to be fixed.  In POSIX.1, seteuid(123) should not work if
your euid!=0 and your ruid==0 (and 123 is some unrelated uid).

[Prev in Thread]

Current Thread

[Next in Thread]

arbitrary IDs with available UID 0?, Marcus Brinkmann, 2002/11/08
- Re: arbitrary IDs with available UID 0?, Roland McGrath <=
- Re: arbitrary IDs with available UID 0?, Thomas Bushnell, BSG, 2002/11/08

Prev by Date: Re: oskit driver for i8042 keyboard controller
Next by Date: Re: oskit driver for i8042 keyboard controller
Previous by thread: arbitrary IDs with available UID 0?
Next by thread: Re: arbitrary IDs with available UID 0?
Index(es):
- Date
- Thread