[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: #1787: current-user-id setter from (chicken process-context posix) m
|
From: |
elf |
|
Subject: |
Re: #1787: current-user-id setter from (chicken process-context posix) maybe needs some argument validation |
|
Date: |
Fri, 24 Sep 2021 09:37:51 +0300 |
|
User-agent: |
K-9 Mail for Android |
Ah, apologies, I thought there was an ML->trac gateway.
-elf
On 24 September 2021 09:20:11 GMT+03:00, Peter Bex <peter@more-magic.net> wrote:
>On Fri, Sep 24, 2021 at 08:35:48AM +0300, elf wrote:
>> This may actually be a more serious bug than it looks like, for setuid
>> programmes, eg if someone passes, say, a null pointer, or a pointer aligned
>> to wrapping values.
>>
>> The code isn't even doing type checking to make sure it's getting an int
>> (well, uid_t). It's doing pointer conversion when it shouldn't be.
>
>Hi elf,
>
>Please don't reply to the mailing list - your comments don't appear on
>the ticket when you do that, so the ticket author might not see your
>comments and they also will get lost in history.
>
>I'll post a patch to -hackers shortly.
>
>Cheers,
>Peter