Re: sys_setuid bug found (the Debian man man setuid problem)

From: Linus Torvalds (torvalds@transmeta.com)
Date: Wed Aug 09 2000 - 20:58:03 EST

Next message: Linus Torvalds: "Re: Linux 2.4 Status"
Previous message: Andi Kleen: "Re: Why 2.2 kernels can't be IP routers!"
In reply to: Cesar Eduardo Barros: "sys_setuid bug found (the Debian man man setuid problem)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 9 Aug 2000, Cesar Eduardo Barros wrote:
>
> I found the cause for the Debian man man bug (in which you can't run man as
> non-root user since 2.4.0-test6-pre1).

Good catch.

The set_user() for that particular case should just be dropped in fact,
turning that case into an empty case too. I mis-read the original setuid()
code.

> } else if (uid == current->suid) {
> if (set_user(uid) < 0)
> return -EAGAIN;
> } else

So just turn the above if() into an empty statement (and obviously it can
then be trivially cleaned up ;)

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: Linux 2.4 Status"
Previous message: Andi Kleen: "Re: Why 2.2 kernels can't be IP routers!"
In reply to: Cesar Eduardo Barros: "sys_setuid bug found (the Debian man man setuid problem)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:20 EST