Re: Subtle MM bug

Chris Wing (wingc@engin.umich.edu)
Wed, 10 Jan 2001 14:57:27 -0500 (EST)


Alan:

> I've seen exactly nil cases where there are any security holes in apps caused
> by that pthreads api non-adherence.

I don't know of any exploitable bugs that were found in it, but the identd
server included in Red Hat 6.1 (pidentd 3.0.10) unintentionally ran as
root instead of nobody because its programmer used pthreads and assumed
that setuid() would affect all threads.

I pointed this out to the author and Red Hat, and it was fixed in
pidentd 3.0.11 and Red Hat 6.2.

-Chris Wing
wingc@engin.umich.edu

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/