https://bugzilla.kernel.org/show_bug.cgi?id=42704
--- Comment #2 from KOSAKI Motohiro <kosaki.motohiro@xxxxxxxxxxxxxx> 2012-04-18 00:23:10 ---
Hmm..
I'm not Vasiliy and I couldn't add him to cc list (I don't know why).
But maybe I can answer this.
Now, many many applications don't check the return code and this ignorance may
make critical security issue. set*id() is usually used for dropping root
privilege
and then a failure mean application run untrusted code w/ root privilege.
that's dangerous. then, set*id() should ignore rlimit and always can drop a
privilege.
In the other hand, execve() is used for getting a privilege. then a failure is
not security threat.
Next, applications still should check set*uid() return value because it may run
on older kernel.
thank you.
--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[Netdev]
[Linux Ethernet Bridging]
[Linux Wireless]
[Kernel Newbies]
[Memory]
[Security]
[Linux for Hams]
[Netfilter]
[Bugtraq]
[Photo]
[Yosemite]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux RAID]
[Linux Admin]
[Samba]
[Video 4 Linux]
[Linux Resources]
