閱讀文章 - 看板 FB_security

發信人erik@cederstrand.dk (Erik Cederstrand),

看板FB_security

標題Re: Opinion on checking return value of setuid(getuid())?

發信站NCTU CS FreeBSD Server (Tue Oct 2 22:38:17 2012)

轉信站ptt!csnews.cs.nctu!news.cs.nctu!FreeBSD.cs.nctu!freebsd.org!owner-free

Den 01/10/2012 kl. 13.55 skrev Eitan Adler <lists@eitanadler.com>: > On 1 October 2012 07:08, Konstantin Belousov <kostikbel@gmail.com> = wrote: >> I do not believe in the dreadful 'flood ping' security breach. Is a >> local escalation possible with non-dropped root ? >=20 > It is clearly a local escalation: a non-root user can do something > which was intended only for root. It is a different question how > serious the breach is. Are there any objections to the path I attached in my first post? To the = approach in general? If not, I'll send a PR so it doesn't get lost. Thanks, Erik= _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"