Re: [AD] Possible bug in src/libc.c
On Sat, Feb 17, 2001 at 12:09:54AM +0100, Stepan Roh wrote:
> There is also euidaccess() which tests for effective ids, but that's
> glibc's extension. I checked its code and it is a little bit better, but
> generally the same as my code (with exception to supplementary groups
> checking). But if anyone is making Allegro programs setuid, the smallest
> problem is that FA_RDONLY is not set on proper files. Making any program
> setuid is a big security (and, in case of Allegro and svgalib or DGA,
> system stability) hole. He will be punished by something else :-).
I think it's sufficient just to check whether the effective uid
is 0, in which case the file is not read-only. 99% of Allegro
programs running with a different euid will have the euid of
root, in which case they have write access to all existing
files.
George
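
The check discussed in this thread, as an added example that is not part of the original messages and not Allegro's code: the file's mode bits are tested against the effective uid, effective gid and supplementary groups, with the euid 0 shortcut from the reply. The helper names mode_is_readonly and path_is_readonly are hypothetical, and ACLs and read-only mounts are assumed to be out of scope.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 if a file with this owner/group/mode is
 * NOT writable by a process with the given effective ids, 0 otherwise.
 * Pure mode-bit logic, so it can be checked without touching the disk. */
static int mode_is_readonly(uid_t owner, gid_t group, mode_t mode,
                            uid_t euid, gid_t egid,
                            const gid_t *supp, int nsupp)
{
    int i;

    if (euid == 0)              /* shortcut from the reply: root can write */
        return 0;
    if (euid == owner)          /* owner class decides, even if group/other allow */
        return !(mode & S_IWUSR);
    if (egid == group)
        return !(mode & S_IWGRP);
    for (i = 0; i < nsupp; i++) /* supplementary groups count as group class */
        if (supp[i] == group)
            return !(mode & S_IWGRP);
    return !(mode & S_IWOTH);
}

/* Applies the check to a path using the caller's effective ids.
 * Returns 1 for read-only, 0 for writable, -1 if stat() fails. */
static int path_is_readonly(const char *path)
{
    struct stat st;
    gid_t supp[64];             /* assumption: at most 64 supplementary groups */
    int n;

    if (stat(path, &st) != 0)
        return -1;
    n = getgroups(64, supp);
    if (n < 0)                  /* more groups than the buffer holds: skip them */
        n = 0;
    return mode_is_readonly(st.st_uid, st.st_gid, st.st_mode,
                            geteuid(), getegid(), supp, n);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/etc/passwd";
    printf("%s: read-only=%d\n", path, path_is_readonly(path));
    return 0;
}
```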