Hi there,
I've found a rather interesting bug in the HTTPd version 1.5a under SunOS
4.1.3.
I am in charge of managing the server, but I am NOT root. To make life
easier, I have two programs (both setuid root) to start or restart the
server.
When I put up the server by running the start program, my real uid is
my own, but my effective uid is root. Unfortunately, the server only
checks _real_ uids before deciding if it will give up its root
privileges or not.
Thus, if you start the server from a setuid starter program, you end up
with your server running setuid root. Not a good thing.
To fix it, I replaced (in the httpd.c file) getuid with geteuid.
David
--
+--------------------------------------------------------------------------
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
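
The real-uid versus effective-uid check described in the message above, as an added C example that is not part of the original post and is not the HTTPd source. The function names, the `drop_privileges` helper and the target uid/gid 65534 are assumptions for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Check as the post describes it: only the real uid is consulted. */
static int must_drop_real_only(uid_t ruid, uid_t euid) {
    (void)euid;
    return ruid == 0;
}

/* Check after the getuid -> geteuid change: the effective uid decides. */
static int must_drop_effective(uid_t ruid, uid_t euid) {
    (void)ruid;
    return euid == 0;
}

/* Permanently drop to uid/gid (hypothetical helper). Returns 0 on success. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(1, &gid) != 0) return -1;     /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;            /* group first, while still root */
    if (setuid(uid) != 0) return -1;            /* as root: real, effective, saved */
    if (uid != 0 && setuid(0) == 0) return -1;  /* root must not be regainable */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(void) {
    uid_t ruid = getuid(), euid = geteuid();
    const uid_t target_uid = 65534;   /* assumed unprivileged account */
    const gid_t target_gid = 65534;   /* assumed unprivileged group */

    printf("real=%ld effective=%ld\n", (long)ruid, (long)euid);
    printf("real-only check would drop: %d, effective check would drop: %d\n",
           must_drop_real_only(ruid, euid), must_drop_effective(ruid, euid));

    if (must_drop_effective(ruid, euid) &&
        drop_privileges(target_uid, target_gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to serve\n");
        return 1;
    }
    printf("serving as uid %ld\n", (long)geteuid());
    return 0;
}
```

With a setuid-root starter run by an ordinary user (real uid nonzero, effective uid 0), the real-only check reports nothing to drop while the effective check does.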