Jon Steinhart <jon(_at_)fourwinds(_dot_)com> wrote on May 13, 2005:
Saw this while looking for something else.
m_chkids() forks a child process to run context_save() if the
uid is not the same as the euid. But, it ends up running as
if the uid and euid are the same if the fork() fails. Seems
to me that this should be an error. I realize that it will
probably result in later errors from being unable to access
the files, but those will be confusing since they won't indicate
the real problem.
Opinions?
You shouldn't be making mh commands setuid, so the situation is
unlikely to arise. This probably isn't worth fixing, except as part
of a complete revamp of core code.
-NWR
So give me a clue here. Why shouldn't they be made setuid? Someone
obviously thought enough about this to put this code there in the
first place. If running setuid is a bad thing and shouldn't be done
would it be acceptable to just remove this whole piece of code?
Jon
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
http://lists.nongnu.org/mailman/listinfo/nmh-workers