[Bugs] [Bug 1221490] New: fuse: check return value of setuid

bugzilla at redhat.com bugzilla at redhat.com
Thu May 14 07:31:50 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1221490

            Bug ID: 1221490
           Summary: fuse: check return value of setuid
           Product: GlusterFS
           Version: mainline
         Component: fuse
          Assignee: bugs at gluster.org
          Reporter: prasanna.kalever at redhat.com
                CC: bugs at gluster.org, gluster-bugs at redhat.com



Description of problem:

setuid() sets the effective user ID of the calling process.  If the effective
UID of the caller is root, the real UID and saved set-user-ID are also set.
On success, zero is returned.  On error, -1 is returned, and errno is set
appropriately.

Note: there are cases where setuid() can fail even when the caller is UID 0; it
is a grave security error to omit checking for a failure return from setuid().
if an environment limits the number of processes a user can have, setuid()
might fail if the target uid already is at the limit.


Version-Release number of selected component (if applicable):

mainline

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.


More information about the Bugs mailing list