Re: Proposed change to setre[ug]id()
Stephen R. van den Berg (srb@cuci.nl)
Wed, 19 Jun 1996 04:23:57 +0200
"Theodore Y. Ts'o" <tytso@MIT.EDU> wrote:
>There are two problems; one is the one you pointed out, and the other is
>programs which drop the setuid bits, thinking they are then secure, and
>then start doing unsafe things like using gets() and statically-sized
>buffers on the stack.
Hmmm..., indeed, and then construct a setuid() system call.
Well, in that light, the current code looks just fine as it is.
--
Sincerely, srb@cuci.nl
Stephen R. van den Berg (AKA BuGless).
Auto repair rates: basic labor $40/hour; if you wait, $60; if you watch, $80;
if you ask questions, $100; if you help, $120; if you laugh, $140.