Fwd: Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCALROOTEXPLOIT
Andreas Pour
pour at mieterra.com
Mon Jul 8 08:04:59 BST 2002
Adrian Schroeter wrote:
[ ... ]
> And it was a "setreuid" call in the past, which would be okay.
Sorry, it makes no difference, at least on Linux, where the man page
says, and tests confirm, that:
Currently seteuid(euid) is functionally equivalent to
setreuid(-1, euid).
Also, checking back, it seems this problem is in place since inception
(pre-KDE 1.90), time to update the notices . . . .
[ ... ]
Ciao,
Dre
More information about the kde-core-devel
mailing list