Opinion on checking return value of setuid(getuid())?

Konstantin Belousov kostikbel at gmail.com
Mon Oct 1 11:08:13 UTC 2012


On Mon, Oct 01, 2012 at 12:58:41PM +0200, Erik Cederstrand wrote:
> On 01/10/2012 at 12:49, Konstantin Belousov <kostikbel at gmail.com> wrote:
> 
> > setuid() might also fail for other reasons, e.g. due to custom MAC module.
> > 
> > In case of ping, is the failure of dropping the suid bit important?
> 
> I believe it is. If 'setuid()' fails then 'uid' becomes 0 and it's possible e.g. to do a "Flood ping".

I do not believe in the dreadful 'flood ping' security breach. Is a
local escalation possible with non-dropped root?
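
The check under discussion in this thread, as an added example that is not part of the original message and not FreeBSD's ping source: a set-uid program tests the return value of setuid(getuid()), confirms the drop took effect, and exits instead of continuing with euid 0. The names drop_privileges, setuid_fn and setuid_denied are hypothetical; setuid_denied is a constructed stand-in for a refused call (such as the MAC module case mentioned above) so the failure path runs without a set-uid binary.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK = 0, DROP_SETUID_FAILED = -1,
                   DROP_NOT_EFFECTIVE = -2, DROP_REVERSIBLE = -3 };

/* Signature of setuid(2); passed in so the failure path can be exercised. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in for a refused call, e.g. by a MAC policy module. */
static int setuid_denied(uid_t uid) { (void)uid; errno = EPERM; return -1; }

/* Drop to the real uid, then confirm the drop took effect and is permanent. */
static enum drop_result drop_privileges(setuid_fn do_setuid)
{
    uid_t ruid = getuid();

    if (do_setuid(ruid) != 0) {
        fprintf(stderr, "setuid(%lu): %s\n", (unsigned long)ruid, strerror(errno));
        return DROP_SETUID_FAILED;
    }
    if (geteuid() != ruid)              /* call reported success, euid unchanged */
        return DROP_NOT_EFFECTIVE;
    if (ruid != 0 && setuid(0) == 0)    /* unprivileged caller must not regain root */
        return DROP_REVERSIBLE;
    return DROP_OK;
}

int main(void)
{
    /* Exercise the failure path with the constructed stub. */
    if (drop_privileges(setuid_denied) != DROP_SETUID_FAILED)
        return EXIT_FAILURE;

    /* Real call: fail closed instead of continuing with euid 0. */
    if (drop_privileges(setuid) != DROP_OK) {
        fprintf(stderr, "could not drop privileges, exiting\n");
        return EXIT_FAILURE;
    }
    puts("privileges dropped");
    return EXIT_SUCCESS;
}
```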