The current code of sispmctl does not effectively drop user privileges
when starting the program as a privileged user.
socket.c:

    /* drop priveleges */
    uid = getuid();
    seteuid(uid);

This should be fixed before using sispmctl as a webserver.
cf. http://www.cs.berkeley.edu/~daw/papers/setuid-usenix0
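
An added example, not part of the original report and not sispmctl's own code: a permanent privilege drop that, unlike seteuid() alone, also clears the saved set-user-ID and then verifies that root cannot be regained. It assumes the binary is installed setuid-root and run on Linux; the function name drop_privileges_permanently is hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE      /* exposes setgroups() under strict -std= modes */
#endif
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Permanently drop the privileges of a setuid-root binary (assumed install
 * mode). Returns 0 on success, -1 on failure; on failure the caller must
 * exit rather than continue with privileges it could not shed.
 */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();   /* identity of the invoking user */
    gid_t rgid = getgid();

    if (geteuid() == 0) {
        /* Order matters: groups, then gid, then uid. Once the uid is
         * dropped the process may no longer change its groups. */
        if (ruid != 0 && setgroups(1, &rgid) != 0)
            return -1;
        if (setgid(rgid) != 0)
            return -1;
        /* Called with euid 0, setuid() sets the real, effective and saved
         * uid. seteuid() alone leaves the saved uid at 0, so a later
         * seteuid(0) would bring root back. */
        if (setuid(ruid) != 0)
            return -1;
    } else if (geteuid() != ruid || getegid() != rgid) {
        return -1;           /* setuid/setgid to a non-root owner: not handled */
    }

    /* Verify instead of trusting return codes: regaining root must fail. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    if (getuid() != ruid || geteuid() != ruid ||
        getgid() != rgid || getegid() != rgid)
        return -1;
    return 0;
}

int main(void)
{
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```
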
Package: sispmctl
Version: 2.7-1
Severity: wishlist
It would be nice to have an additional package with the webserver enabled.
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linu