gpg im CGI Script

Werner Koch
Thu, 6 Jul 2000 16:28:18 +0200

On Wed, 5 Jul 2000, Stefan Suurmeijer wrote:

> Anyway, advising people to use secure memory by using suid is great, but
> make sure you warn them that for some kernel versions they might be
> opening themselves up to other risks. There are people out there that

>From my understanding about the problem this code (from 1.0.1h)
if( setuid( uid ) || getuid() != geteuid() || !setuid(0) ) log_fatal("failed to reset uid: %s\n", strerror(errno)); is a safeguard against the faulty setcap implementation. The term "|| !setuid(0)" should always we false unless someone tries the setcap exploit in whichcase the setuid(0) will succeed. Note, this code is note used when running as root. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email D-40233 Duesseldorf