[mpm-itk] mpm-itk feedback and questions
Steinar H. Gunderson
sgunderson at bigfoot.com
Tue May 20 15:01:34 CEST 2014
On Tue, May 20, 2014 at 12:42:46PM +0000, Bruccoleri, Robert (Ext) wrote:
> Unfortunately, the code first attempted to access the protected files as
> the apache user, and then it issued the setuid system call to change the
> server's UID. Obviously, this is the wrong order. The setuid call should
> happen first, before the files are accessed.
This sounds very odd. On what do you base this analysis, and what precisely
do you mean by “access”?
/* Steinar */