[mpm-itk] mpm-itk feedback and questions

Steinar H. Gunderson sgunderson at bigfoot.com
Tue May 20 15:01:34 CEST 2014


On Tue, May 20, 2014 at 12:42:46PM +0000, Bruccoleri, Robert (Ext) wrote:
> Unfortunately, the code first attempted to access the protected files as
> the apache user, and then it issued the setuid system call to change the
> server's UID. Obviously, this is the wrong order. The setuid call should
> happen first, before the files are accessed.

This sounds very odd. On what do you base this analysis, and what precisely
do you mean by “access”?

/* Steinar */
-- 
Homepage: http://www.sesse.net/



More information about the mpm-itk mailing list