Hi Helmut,
* Helmut Grohne <[EMAIL PROTECTED]> [2008-04-13 00:36]:
> > From the source code:
[...]
> > 309 void set_user_id(void)
> > 310 {
> > 311 seteuid(user_id);
> > 312 }
>
> > So why do you think it does not drop setuid root, the code does?
>
> You are right in that it drops seteuid. Given arbitrary code execution
> (which looks possible by trashing the return address of main) one can
> still seteuid back to root.Oh true, my bad. I totally missed that it only changes the effected user id. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpaGWt2ZR6F4.pgp
Description: PGP signature
