Re: Opinion on checking return value of setuid(getuid())?
Den 01/10/2012 kl. 13.08 skrev Konstantin Belousov =
<kostikbel@gmail.com>:
>=20
> I do not believe in the dreadful 'flood ping' security breach. Is a
> local escalation possible with non-dropped root ?
No idea. Reading the code, I see some functionality the author decided =
should only be accessible to root users. There's 600 lines of code left =
in main() and I'm not skilled enough to see if there are any potential =
exploits left.
If it's not a security breach then I'm on the wrong list, but I guess it =
still leads to unintended behavior if setuid() fails?
Erik=
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 7 之 14 篇):