[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: #1787: current-user-id setter from (chicken process-context posix) m
|
From: |
Peter Bex |
|
Subject: |
Re: #1787: current-user-id setter from (chicken process-context posix) maybe needs some argument validation |
|
Date: |
Fri, 24 Sep 2021 08:20:11 +0200 |
On Fri, Sep 24, 2021 at 08:35:48AM +0300, elf wrote:
> This may actually be a more serious bug than it looks like, for setuid
> programmes, eg if someone passes, say, a null pointer, or a pointer aligned
> to wrapping values.
>
> The code isn't even doing type checking to make sure it's getting an int
> (well, uid_t). It's doing pointer conversion when it shouldn't be.
Hi elf,
Please don't reply to the mailing list - your comments don't appear on
the ticket when you do that, so the ticket author might not see your
comments and they also will get lost in history.
I'll post a patch to -hackers shortly.
Cheers,
Peter
signature.asc
Description: PGP signature