Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits

Ar Sul, 2006-08-20 am 19:30 +0400, ysgrifennodd Solar Designer:
> The problem is that there are lots of privileged userspace programs that
> do not bother to check the return value from set*uid() calls (or
> otherwise check that the calls succeeded) before proceeding with work
> that is only safe to do with the *uid switched as intended.

People keep saying this but we seem short of current, commonly shipped
examples. And quite frankly any code that doesn't check setuid returns
is unlikely to be fit for purpose in any other way and presumably has
never been adequately audited.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
    • From: Willy Tarreau <[email protected]>

• References:
  • [PATCH] set*uid() must not fail-and-return on OOM/rlimits
    • From: Solar Designer <[email protected]>
  • Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
    • From: [email protected] (Alex Riesen)
  • Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
    • From: Solar Designer <[email protected]>

• Prev by Date: [PATCH 2/7] CPU controller V1 - define group operations
• Next by Date: [PATCH 3/7] CPU controller V1 - deal with movement of tasks
• Previous by thread: Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
• Next by thread: Re: [PATCH] set*uid() must not fail-and-return on OOM/rlimits
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]