gpg im CGI Script
Werner Koch
wk@gnupg.org
Thu, 6 Jul 2000 16:28:18 +0200
On Wed, 5 Jul 2000, Stefan Suurmeijer wrote:
> Anyway, advising people to use secure memory by using suid is great, but
> make sure you warn them that for some kernel versions they might be
> opening themselves up to other risks. There are people out there that
>From my understanding about the problem this code (from 1.0.1h)
if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
log_fatal("failed to reset uid: %s\n", strerror(errno));
is a safeguard against the faulty setcap implementation. The
term "|| !setuid(0)" should always we false unless someone tries
the setcap exploit in whichcase the setuid(0) will succeed. Note,
this code is note used when running as root.
Werner
--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de