Re: High UID support for Linux

Brandon S. Allbery KF8NH (allbery@kf8nh.apk.net)
Wed, 02 Dec 1998 21:47:21 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Paul Barton-Davis: "Re: 2.1.130UP and network connections"
Previous message: Brandon S. Allbery KF8NH: "Re: NTP dumps Linux, film at 11. [Fwd/FYI]"

In message <7446vb$g5g$1@palladium.transmeta.com>, H. Peter Anvin writes:
+-----
| Then your customer's program is buggy, unless it intends to refer to
| the HOME and USER of the *user who started the setuid program*.
+--->8

Setuid programs should not trust environment variables, as a general
security principle. getpwuid(getuid())->pw_dir is not unreasonable as an
alternative.

-- brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net system administrator [WAY too many hats] allbery@ece.cmu.edu carnegie mellon / electrical and computer engineering KF8NH Kiss my bits, Billy-boy.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Barton-Davis: "Re: 2.1.130UP and network connections"
Previous message: Brandon S. Allbery KF8NH: "Re: NTP dumps Linux, film at 11. [Fwd/FYI]"