List: busybox
Subject: Re: Some thoughts about security in correct_password.c
From: Tito <farmatito () tiscali ! it>
Date: 2005-12-23 14:41:58
Message-ID: 200512231541.58820.farmatito () tiscali ! it
On Friday 23 December 2005 15:00, you wrote:
> Tito,
>
> > if (( strcmp ( pw-> pw_passwd, "x" ) == 0 ) || ( strcmp ( pw-> pw_passwd, "*" ) == 0 )) {
> > + seteuid(0);
>
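Review bot: the added seteuid(0) discards its return value, so if the call is refused the code inside the "x"/"*" branch carries on with the caller's original effective uid and nothing reports the failure. Check the result, for example if (seteuid(0) != 0), and treat a failure as an authentication failure; also restore the previous effective uid once the privileged step in this branch is done, since the visible lines do not show it being set back.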
> It's nonsense for me. If euid!=0 you can't allow usage of any seteuid(n).
>
>
> --w
> vodz
>
From man setuid:
Thus, a setuid-root program wishing to temporarily drop root
privileges, assume the identity of a non-root user, and then regain
root privileges afterwards cannot use setuid. You can accomplish this
with the (non-POSIX, BSD) call seteuid.
From man seteuid:
seteuid sets the effective user ID of the current process.
Unprivileged user processes may only set the effective user ID to the
real user ID, the effective user ID or the saved user ID.
Maybe I misunderstood the man pages.... :-)
Don't worry about it, was just a thought.
Merry Christmas and Ciao,
Tito
_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox
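The two man-page excerpts quoted in this message, as an added C example that is not part of the original mail and is not BusyBox code: it encodes the seteuid(2) rule for unprivileged processes and wraps a temporary effective-uid switch so that the return value is checked and the previous euid is restored. The names euid_switch_permitted, run_with_euid and report_euid are hypothetical, and getresuid (Linux/BSD, non-POSIX) is assumed to be available.

```c
/* Added example (not BusyBox code): checked, temporary effective-uid switch. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Non-POSIX (Linux/BSD); declared here in case _GNU_SOURCE is not in effect. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Rule quoted from seteuid(2): a process whose euid is not 0 may only
 * switch to its real, effective or saved uid. Returns 1 if allowed. */
int euid_switch_permitted(uid_t target)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return 0;
    return e == 0 || target == r || target == e || target == s;
}

/* Run fn(arg) with the effective uid set to target, then restore the
 * previous euid. fn must return >= 0. Returns fn's result, or -1 if the
 * switch was refused (fn is then never called). */
int run_with_euid(uid_t target, int (*fn)(void *), void *arg)
{
    uid_t saved = geteuid();
    int rc;

    if (seteuid(target) != 0)      /* never ignore this return value */
        return -1;
    rc = fn(arg);
    if (seteuid(saved) != 0 || geteuid() != saved)
        _exit(1);                  /* could not restore: fail closed */
    return rc;
}

/* Constructed stand-in for the privileged step (e.g. a shadow lookup). */
static int report_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}

int main(void)
{
    uid_t seen = (uid_t)-1;
    int rc = run_with_euid(0, report_euid, &seen);
    printf("seteuid(0) permitted by rule: %d, actual: %s\n",
           euid_switch_permitted(0), rc == 0 ? "ok" : "refused");
    return 0;
}
```

Run as an ordinary user this reports the switch to 0 as refused; installed setuid-root it reports it as permitted, because the saved set-user-ID is then 0.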