[10134] in bugtraq


Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight

daemon@ATHENA.MIT.EDU (Casper Dik)
Thu Apr 8 13:49:00 1999

Date: 	Thu, 8 Apr 1999 09:38:40 +0200
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To:         Viktor Fougstedt <viktor@DTEK.CHALMERS.SE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Your message of "Wed, 07 Apr 1999 20:00:33 +0200." 
              <Pine.GSO.4.10.9904071950390.6966-100000@seldon.dtek.chalmers.se>

>These programs should probably do a setuid() instead, which affects
>saved-user-id as well.
>
>This problem isn't huge, you might say, because whenever you do a
>fork() or similar, the saved-user-id should be reset. But if you can
>take control of the application via a buffer overflow or the like, and
>saved-user-id is root then you have no problem of getting the root
>privileges back before doing a fork().

fork() does not affect uids at all.

exec* does.

Note that both setuid(uid) (as root) and setreuid(uid,uid) should
get rid of the saved uid.

Casper
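
[Added example, not part of the original message or thread.] A C sketch of the two points above: a uid drop that checks the real, effective and saved uid afterwards, and a check that fork() leaves all three unchanged. The function names are hypothetical; getresuid() is assumed to be available (Linux, BSDs), and only the uid step is covered.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* getresuid() is a non-POSIX extension (Linux, BSDs); declared here so the
 * example does not depend on feature-test macros. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Permanently switch to `uid` (uid step only; a real daemon drops groups and
 * gid first). Returns 0 only if no old uid remains recoverable. */
int drop_uid_permanently(uid_t uid)
{
    uid_t r, e, s;

    /* Unlike seteuid(uid), setreuid(uid, uid) also overwrites the saved uid. */
    if (setreuid(uid, uid) != 0 || getresuid(&r, &e, &s) != 0)
        return -1;
    if (r != uid || e != uid || s != uid)
        return -1;                      /* some old uid survived the drop */
    if (uid != 0 && setuid(0) == 0)
        return -1;                      /* root could still be regained */
    return 0;
}

/* 1 if a fork()ed child has the parent's (real, effective, saved) uids,
 * 0 if any differs, -1 on error. */
int fork_preserves_uids(void)
{
    uid_t pr, pe, ps, cr, ce, cs;
    int status;
    pid_t pid;

    if (getresuid(&pr, &pe, &ps) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0)                       /* child: compare with parent's copy */
        _exit(getresuid(&cr, &ce, &cs) != 0 ? 2
              : (cr == pr && ce == pe && cs == ps) ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void)
{
    printf("fork preserves uids: %d\n", fork_preserves_uids());
    printf("permanent drop ok:   %d\n", drop_uid_permanently(getuid()) == 0);
    return 0;
}
```

Started as root, passing an unprivileged uid to drop_uid_permanently() exercises the case discussed in the thread; started unprivileged, it only confirms that the three uids already match.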
