Wireshark-bugs: [Wireshark-bugs] [Bug 3523] Inconsistent results of started_with_special_privs()
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Wed, 10 Jun 2009 03:06:23 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3523





--- Comment #1 from Guy Harris <guy@xxxxxxxxxxxx>  2009-06-10 03:06:22 PDT ---
The started_with_special_privs() was designed around set-UID, not around sudo. 
We could *extend* it to check *both* for running set-UID and as root - note
that merely checking whether the real or effective user or group ID is 0 is
*not* sufficient, as it doesn't check whether the saved set-user ID or
set-grpup ID is 0, and if, for example, the saved set-user ID is 0, a plugin
could grab root privileges by changing the effective user ID to 0.  (That's one
of the reasons why issetugid() was created.)

Thus, to make the results consistent, the on-HAVE_ISSETUGID version would have
to somehow check whether you have a saved set-user ID or saved set-group ID of
0; attempting to do seteuid(0) or setegid(0) might be sufficient for that,
although that wouldn't help if there are platforms that have issetugid() but
don't have seteuid() or setegid().


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.