[4863] in Athena Bugs


xdm/xlogin doesn't check return value from setuid()

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Thu May 3 21:43:47 1990

Date: Thu, 3 May 90 21:43:32 -0400
From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: bugs@ATHENA.MIT.EDU
Reply-To: tytso@ATHENA.MIT.EDU
In session.c, line 281 and in lines 920 and 1099 in verify.c, xdm does
not check the return value from setuid().  Unfortunately, the !*@*!
Ultrix kernel thinks it a fine idea to return "Invalid argument" for
uids greater than 32000.  This allows someone who has a username greater
than 32000 to be able to log in as root on Ultrix machines.  While this
bug does not affect any of the currently supported platforms, not
checking error returns from system calls is Bad Karma.

						- Ted
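The failure mode reported above, as an added example that is not part of the original message and is not xdm's code: an unchecked setuid() beside a checked one that fails closed. The names `ultrix_like_setuid`, `become_user_unchecked` and `become_user_checked` are hypothetical, and the uid limit is simulated in user space so the example runs on any POSIX system.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The uid-changing call is a parameter so a failing kernel can be simulated. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in for the behaviour in the report: uids above 32000
 * are rejected with EINVAL ("Invalid argument"); others go to setuid(). */
static int ultrix_like_setuid(uid_t uid)
{
    if (uid > 32000) { errno = EINVAL; return -1; }
    return setuid(uid);
}

/* Unchecked pattern: the result is discarded, so after a failure the
 * process keeps its old identity. Returns the euid actually in effect. */
static uid_t become_user_unchecked(uid_t uid, setuid_fn do_setuid)
{
    (void)do_setuid(uid);
    return geteuid();
}

/* Checked pattern: fail closed if the call fails or did not take effect. */
static int become_user_checked(uid_t uid, setuid_fn do_setuid)
{
    if (do_setuid(uid) != 0) {
        fprintf(stderr, "setuid(%lu): %s\n", (unsigned long)uid, strerror(errno));
        return -1;
    }
    if (getuid() != uid || geteuid() != uid) {
        fprintf(stderr, "setuid(%lu) had no effect\n", (unsigned long)uid);
        return -1;
    }
    return 0;
}

int main(void)
{
    uid_t target = 32001; /* constructed uid above the limit */
    uid_t before = geteuid();
    if (become_user_unchecked(target, ultrix_like_setuid) == before)
        printf("unchecked: still uid %lu\n", (unsigned long)before);
    if (become_user_checked(target, ultrix_like_setuid) != 0)
        printf("checked: login refused\n");
    return 0;
}
```

A caller of the checked form must abort the session on a nonzero return rather than continue to start the user's programs.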
