Re: sys_setuid bug found (the Debian man man setuid problem)

Linus Torvalds (torvalds@transmeta.com)
Wed, 9 Aug 2000 18:58:03 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Linus Torvalds: "Re: Linux 2.4 Status"
Previous message: Andi Kleen: "Re: Why 2.2 kernels can't be IP routers!"

On Wed, 9 Aug 2000, Cesar Eduardo Barros wrote:
>
> I found the cause for the Debian man man bug (in which you can't run man as
> non-root user since 2.4.0-test6-pre1).

Good catch.

The set_user() for that particular case should just be dropped in fact,
turning that case into an empty case too. I mis-read the original setuid()
code.

> } else if (uid == current->suid) {
> if (set_user(uid) < 0)
> return -EAGAIN;
> } else

So just turn the above if() into an empty statement (and obviously it can
then be trivially cleaned up ;)

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: Linux 2.4 Status"
Previous message: Andi Kleen: "Re: Why 2.2 kernels can't be IP routers!"