[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] Questionable code in m_chkids() in sbr/context_save.c

From: Jon Steinhart
Subject: Re: [Nmh-workers] Questionable code in m_chkids() in sbr/context_save.c
Date: Fri, 13 May 2005 21:08:41 -0700

> Jon Steinhart <address@hidden> wrote on May 13, 2005:
> >Saw this while looking for something else.
> >m_chkids() forks a child process to run context_save() if the
> >uid is not the same as the euid.  But, it ends up running as
> >if the uid and euid are the same if the fork() fails.  Seems
> >to me that this should be an error.  I realize that it will
> >probably result in later errors from being unable to access
> >the files, but those will be confusing since they won't indicate
> >the real problem.
> >Opinions?
> You shouldn't be making mh commands setuid, so the situation is
> unlikely to arise.  This probably isn't worth fixing, except as part
> of a complete revamp of core code.
>  -NWR

So give me a clue here.  Why shouldn't they be made setuid?  Someone
obviously thought enough about this to put this code there in the
first place.  If running setuid is a bad thing and shouldn't be done
would it be acceptable to just remove this whole piece of code?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]