Hi Mohammed,

* Mohammed Sameer <[EMAIL PROTECTED]> [2008-04-13 18:18]:
> I think I'm missing something.
>
> Why do we need to make it not suid if the daemon drops it (-6 upload) ?

Cause it does drop it via seteuid and as long as the buffer overflow exists possible injected shellcode could do seteuid(0) to get it back.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
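The point made in the reply above, as an added example that is not part of the original mail or of the package under discussion: a seteuid() drop leaves the saved set-user-ID at 0, so root can be regained, while a setuid() call made with euid 0 cannot be undone. The function names and DEMO_UID are assumptions chosen for illustration; the difference only shows when the program starts with root privileges.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* only POSIX calls plus setgroups() are used */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_UID 65534 /* assumption: an unprivileged uid/gid such as "nobody" */

/* 1 if the process can still obtain euid 0, the call injected code would make. */
int root_recoverable(void) {
    uid_t cur = geteuid();
    if (cur == 0) return 1;               /* never dropped at all */
    if (seteuid(0) != 0) return 0;        /* saved set-user-ID is not 0 */
    if (seteuid(cur) != 0) _exit(3);      /* put the dropped state back */
    return 1;
}

/* Temporary drop: only the effective uid changes, the saved set-user-ID stays 0. */
int drop_temporarily(uid_t uid) { return seteuid(uid); }

/* Permanent drop: groups, then gid, then uid. setuid() with euid 0 sets the
 * real, effective and saved uid together. The result is verified, not assumed. */
int drop_permanently(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return root_recoverable() ? -1 : 0;
}

/* Perform one kind of drop in a child process.
 * Returns 1 = root recoverable, 0 = not recoverable, 2 = the drop itself failed. */
int check_in_child(int permanent) {
    int is_root = (geteuid() == 0), status = 0;
    uid_t uid = is_root ? DEMO_UID : getuid();
    gid_t gid = is_root ? DEMO_UID : getgid();
    pid_t pid = fork();
    if (pid < 0) return 2;
    if (pid == 0) {
        int rc = permanent ? drop_permanently(uid, gid) : drop_temporarily(uid);
        _exit(rc != 0 ? 2 : root_recoverable());
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return 2;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("after seteuid drop: %d\nafter permanent drop: %d\n", check_in_child(0), check_in_child(1));
    return 0;
}
```

Started as root, the seteuid() case reports 1 and the permanent case reports 0; started as an ordinary user both report 0, because there is no root identity left to return to.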