This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
On 07/24/2012 06:07 AM, Florian Weimer wrote:
The set*uid kernel changes have not been backported widely, and software has to run correctly on such kernels
But typically there is no reasonable way to run correctly on such kernels, right? For example, a library function might invoke seteuid to temporarily change the EUID, and invoke seteuid again to change it back. If the latter call fails, there's nothing the function can do.
If this proposed change were installed, it's plausible that an application developer wouldn't notice this sort of issue, and would introduce further security bugs in an attempt to pacify GCC.
Users with unfixed kernels will have the problem regardless of the proposed change, since they'll almost invariably be using unfixed apps as well.
-- Florian Weimer / Red Hat Product Security Team