Re: Proposed change to setre[ug]id()

Stephen R. van den Berg (srb@cuci.nl)
Wed, 19 Jun 1996 04:23:57 +0200


"Theodore Y. Ts'o" <tytso@MIT.EDU> wrote:
>There are two problems; one is the one you pointed out, and the other is
>programs which drop the setuid bits, thinking they are then secure, and
>then start doing unsafe things like using gets() and statically-sized
>buffers on the stack.

Hmmm..., indeed, and then construct a setuid() system call.
Well, in that light, the current code looks just fine as it is.

-- 
Sincerely,                                                          srb@cuci.nl
           Stephen R. van den Berg (AKA BuGless).
Auto repair rates: basic labor $40/hour; if you wait, $60; if you watch, $80;
if you ask questions, $100; if you help, $120; if you laugh, $140.
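
The point quoted above, that a program which has only set aside its privileges can have them restored by a setuid() call reached through an overflow, is why a permanent drop should be verified. The following C sketch is an added example, not part of the original message or of the kernel code under discussion; the name `drop_privileges` is hypothetical, and it assumes Linux/glibc behaviour, where setreuid()/setregid() called with a real ID also reset the saved ID.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch to uid/gid.
 * Returns 0 only if the old effective IDs can no longer be restored. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Groups first, while the process may still change them.
     * Only root can call setgroups(); shed the list when leaving root. */
    if (old_euid == 0 && uid != 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setregid(gid, gid) != 0)
        return -1;
    if (setreuid(uid, uid) != 0)
        return -1;

    /* If either restore succeeds, a saved ID survived the drop and
     * later code could get the old identity back. Treat as failure. */
    if (gid != old_egid && (setegid(old_egid) == 0 || getegid() != gid))
        return -1;
    if (uid != old_euid && (seteuid(old_euid) == 0 || geteuid() != uid))
        return -1;

    /* Real and effective IDs must both be the target. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* A setuid program drops to the invoking (real) user and group. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)geteuid(), (long)getegid());
    return 0;
}
```

A verified drop only removes the identity an overflow could restore; it does not make gets() or fixed-size stack buffers safe.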