Fwd: Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCALROOTEXPLOIT

[Andreas Pour]

Adrian Schroeter wrote:

[ ... ]

> And it was a "setreuid" call in the past, which would be okay.

Sorry, it makes no difference, at least on Linux, where the man page
says, and tests confirm, that:

     Currently  seteuid(euid)  is  functionally  equivalent  to
     setreuid(-1, euid).

Also, checking back, it seems this problem is in place since inception
(pre-KDE 1.90), time to update the notices . . . .

[ ... ]

Ciao,

Dre