gpg in CGI Script
Stefan Suurmeijer
stefan@symbolica.nl
Thu, 6 Jul 2000 18:58:07 +0200 (CEST)
On Thu, 6 Jul 2000, Werner Koch wrote:
> From my understanding about the problem this code (from 1.0.1h)
>
> if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
> log_fatal("failed to reset uid: %s\n", strerror(errno));
>
> is a safeguard against the faulty setcap implementation. The
> term "|| !setuid(0)" should always be false unless someone tries
> the setcap exploit in which case the setuid(0) will succeed. Note,
> this code is not used when running as root.
>
Hmm. Am I reading this wrong? I'm no C expert, but shouldn't the negation
be removed ( || setuid(0) as opposed to || !setuid(0)) ? If the setcap
exploit is used and setuid(0) succeeds, you want the if loop to be TRUE,
right? I just tried to implement the sendmail solution (see below) into
secmem.c (BTW, this didn't include the above check, although I downloaded
my current version just two weeks ago. When did 1.0.1h become available?)
---> snip
The sendmail patch attempts a setuid(0) after a setuid(getuid());
under normal circumstances this should fail (unless of course
the real uid is root). If this setuid(0) succeeds, then the
kernel has failed to properly give up permissions and sendmail
will refuse to continue running.
---> endsnip
> --
> Werner Koch OpenPGP key 621CC013
> OpenIT GmbH tel +49 211 239577-0
> Birkenstr. 12 email wk@OpenIT.de
> D-40233 Duesseldorf http://www.OpenIT.de
>
>
Stefan
==========================================
Stefan Suurmeijer
Network Specialist
University of Groningen
tel: (+31) 50 363 3423
fax: (+31) 50 363 7272
E-mail (business): s.m.suurmeijer@let.rug.nl
E-mail (private): stefan@symbolica.nl
==========================================
Quis custodiet ipsos custodes? (Who'll watch the watchmen?) - Unknown
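
Added example, not part of the original message and not GnuPG or sendmail code: a sketch in C of the check discussed above, dropping to the real uid and then confirming that setuid(0) can no longer succeed. The names classify_drop, drop_privileges_checked and the drop_result values are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum drop_result { DROP_OK, DROP_SKIPPED_ROOT, DROP_FAILED, DROP_REGAINED_ROOT };

/* Pure decision logic, kept apart from the syscalls so it can be tested.
 * setuid() returns 0 on success and -1 on failure, so regain_rc == 0 means
 * the attempt to get root back SUCCEEDED, which is the bad outcome. */
enum drop_result classify_drop(int drop_rc, uid_t ruid, uid_t euid, int regain_rc)
{
    if (drop_rc != 0)
        return DROP_FAILED;          /* setuid(getuid()) itself failed */
    if (ruid != euid)
        return DROP_FAILED;          /* effective uid did not follow the real uid */
    if (regain_rc == 0)
        return DROP_REGAINED_ROOT;   /* kernel did not really give up privileges */
    return DROP_OK;
}

/* Drop to the real uid, then verify that the drop cannot be undone. */
enum drop_result drop_privileges_checked(void)
{
    uid_t uid = getuid();
    if (uid == 0)
        return DROP_SKIPPED_ROOT;    /* real root: setuid(0) legitimately works */

    int drop_rc = setuid(uid);
    uid_t ruid = getuid();
    uid_t euid = geteuid();
    /* Probe only when the drop looked fine; the probe is expected to fail. */
    int regain_rc = (drop_rc == 0 && ruid == euid) ? setuid(0) : -1;
    return classify_drop(drop_rc, ruid, euid, regain_rc);
}

int main(void)
{
    static const char *names[] = { "ok", "skipped (real uid is root)",
                                   "drop failed", "regained root after drop" };
    enum drop_result r = drop_privileges_checked();
    printf("privilege drop: %s\n", names[r]);
    /* A program holding secrets should refuse to continue on these two. */
    return (r == DROP_FAILED || r == DROP_REGAINED_ROOT) ? 1 : 0;
}
```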