Hi Helmut,
* Helmut Grohne <[EMAIL PROTECTED]> [2008-04-12 17:47]:
> The package has a setuid binary acon. The binary never drops setuid.
[...]
From the source code:
35 int main(int argc,char **argv)
36 {
37 int i,tty,useunicode=0;
38 char *fontf=0,*translationf=0,*keymapf=0;
39
40 get_ids();
41 set_user_id();
...
301 int user_id;
302 int acon_id;
303
304 void get_ids(void)
305 {
306 user_id=getuid();
307 acon_id=geteuid();
308 }
309 void set_user_id(void)
310 {
311 seteuid(user_id);
312 }So why do you think it does not drop setuid root, the code does? Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpTM3p6cSYxd.pgp
Description: PGP signature
