From: Ilja Van Sprundel
Subject: [bug-inetutils] security bug in ping
Date: Fri, 1 Mar 2013 08:43:47 -0800

Hey,

I just downloaded the 1.9.1 source tarball, and was looking at ping.c’s main. There’s a call done to do privdropping:

    /* Reset root privileges */
    setuid (getuid ());

Which can be unsafe, if setuid() fails. The return value should be checked.

Regards,
Ilja van Sprundel.
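
Added example (not part of the original message and not inetutils code): the unchecked privilege drop the report describes, beside a form that checks the return value and confirms the drop took effect. The function names, the injectable setuid pointer and the failing stub are assumptions, introduced so the failure path can be exercised without root.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

typedef int (*setuid_fn)(uid_t);

/* Constructed stub: stands in for a setuid() call that fails
   (setuid(2) documents EAGAIN as one possible error). */
int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Pattern from the report: the result is ignored, so the caller
   carries on even when the process is still privileged. */
int drop_unchecked(setuid_fn do_setuid)
{
    do_setuid(getuid());
    return 0; /* reports success regardless of what happened */
}

/* Checked drop: returns 0 only if the call succeeded and the
   effective uid now equals the real uid; -1 otherwise. */
int drop_checked(setuid_fn do_setuid)
{
    uid_t ruid = getuid();

    if (do_setuid(ruid) != 0) {
        fprintf(stderr, "setuid(%lu): %s\n",
                (unsigned long)ruid, strerror(errno));
        return -1;
    }
    if (geteuid() != ruid) {
        fprintf(stderr, "privilege drop did not take effect\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_checked(setuid) != 0)
        return 1; /* refuse to continue with elevated privileges */
    /* unprivileged work would start here */
    return 0;
}
```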