This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Tuesday 24 July 2012 07:58:28 Florian Weimer wrote: > On Linux (except very current versions without funky security modules), > set*uid can fail with EAGAIN when RLIMIT_NPROC would be exceeded. > Missing return value checks are known to result in privilege escalation > vulnerabilities. It is a common coding error to call setuid before > setgid, so that the setgid fails, and checking for the setgid result > should prevent this mistake from going unnoticed. Therefore, I think it > makes sense to add the attribute to both groups of functions. SGTM -mike
Attachment:
signature.asc
Description: This is a digitally signed message part.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |