Opinion on checking return value of setuid(getuid())?
Eitan Adler
lists at eitanadler.com
Tue Oct 2 14:46:06 UTC 2012
On 2 October 2012 08:38, Erik Cederstrand <erik at cederstrand.dk> wrote:
> Den 01/10/2012 kl. 13.55 skrev Eitan Adler <lists at eitanadler.com>:
>
>> On 1 October 2012 07:08, Konstantin Belousov <kostikbel at gmail.com> wrote:
>>> I do not believe in the dreadful 'flood ping' security breach. Is a
>>> local escalation possible with non-dropped root ?
>>
>> It is clearly a local escalation: a non-root user can do something
>> which was intended only for root. It is a different question how
>> serious the breach is.
>
> Are there any objections to the path I attached in my first post? To the approach in general? If not, I'll send a PR so it doesn't get lost.
Not by me. Please cc me on the PR as I'll commit if no one else objects.
--
Eitan Adler
More information about the freebsd-security
mailing list