This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Declare set*id with warn_unused_result

From: Florian Weimer <fweimer at redhat dot com>
To: libc-alpha at sourceware dot org
Date: Mon, 30 Jul 2012 15:08:13 +0200
Subject: Re: [PATCH] Declare set*id with warn_unused_result
References: <500E8DE4.5060006@redhat.com> <201207241208.22189.vapier@gentoo.org>

On 07/24/2012 06:08 PM, Mike Frysinger wrote:

On Tuesday 24 July 2012 07:58:28 Florian Weimer wrote:

On Linux (except very current versions without funky security modules),
set*uid can fail with EAGAIN when RLIMIT_NPROC would be exceeded.
Missing return value checks are known to result in privilege escalation
vulnerabilities.  It is a common coding error to call setuid before
setgid, so that the setgid fails, and checking for the setgid result
should prevent this mistake from going unnoticed.  Therefore, I think it
makes sense to add the attribute to both groups of functions.

SGTM

Okay. I plan to commit this change on Wednesday, unless there is more feedback.

--
Florian Weimer / Red Hat Product Security Team

References:
- [PATCH] Declare set*id with warn_unused_result
  - From: Florian Weimer
- Re: [PATCH] Declare set*id with warn_unused_result
  - From: Mike Frysinger

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]