Some thoughts about security in correct_password.c

Vladimir N. Oleynik dzo at simtreas.ru
Fri Dec 23 14:00:24 UTC 2005


Tito,

>         if (( strcmp ( pw-> pw_passwd, "x" ) == 0 ) || ( strcmp ( pw-> pw_passwd, "*" ) == 0 )) {
> +               seteuid(0);

Its nonsese for me. If euid!=0 you can`t allow usage any seteuid(n).


--w
vodz



More information about the busybox mailing list