Re: [AD] Possible bug in src/libc.c

[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]

To: conductors@xxxxxxxxxx
Subject: Re: [AD] Possible bug in src/libc.c
From: George Foot <gfoot@xxxxxxxxxx>
Date: Sun, 18 Feb 2001 12:10:52 +0000

On Sat, Feb 17, 2001 at 12:09:54AM +0100, Stepan Roh wrote:
> There is also euidaccess() which tests for effective ids, but that's
> glibc's extension. I checked its code and it is a little bit better, but
> generally the same as my code (with exception to supplementary groups
> checking). But if anyone is making Allegro programs setuid, the smallest
> problem is that FA_RDONLY is not set on proper files. Making any program
> setuid is a big security (and, in case of Allegro and svgalib or DGA,
> system stability) hole. He will be punished by something else :-).

I think it's sufficient just to check whether the effective uid
is 0, in which case the file is not read-only.  99% of Allegro
programs running with a different euid will have the euid of
root, in which case they have write access to all existing
files.

George

References:
- Re: [AD] Possible bug in src/libc.c
  - From: Olly Betts
- Re: [AD] Possible bug in src/libc.c
  - From: Stepan Roh

Messages sorted by: [ date | thread ]
Prev by Date: RE: [AD] Directx 8 headers
Next by Date: [AD] Mingw problems
Previous by thread: Re: [AD] Possible bug in src/libc.c
Next by thread: Re: [AD] atex_lit bug -> blender_mode

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/