This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Declare set*id with warn_unused_result
- From: Rich Felker <dalias at aerifal dot cx>
- To: libc-alpha at sourceware dot org
- Date: Tue, 24 Jul 2012 10:44:04 -0400
- Subject: Re: [PATCH] Declare set*id with warn_unused_result
- References: <500E8DE4.5060006@redhat.com>

On Tue, Jul 24, 2012 at 01:58:28PM +0200, Florian Weimer wrote:
> On Linux (except very current versions without funky security
> modules), set*uid can fail with EAGAIN when RLIMIT_NPROC would be
> exceeded. Missing return value checks are known to result in
> privilege escalation vulnerabilities. It is a common coding error
> to call setuid before setgid, so that the setgid fails, and checking
> for the setgid result should prevent this mistake from going
> unnoticed. Therefore, I think it makes sense to add the attribute
> to both groups of functions.

Hopefully this will also generate a warning for the unsafe usage in
NPTL's setxid wrapper and get somebody to address bug #13347 which has
so far been completely ignored...

Rich