Subject: re: Addition to force open to open only regular files
To: Chris Torek <torek@BSDI.COM>
From: matthew green <mrg@eterna.com.au>
List: tech-kern
Date: 11/28/2000 10:45:34
   
   In other words, given the mechanism we have now in the various BSDs,
   EVERY SETUID PROGRAM SHOULD BEGIN WITH:
   
   	seteuid(getuid());



i completely agree with this.  i'd just like to note that it doesn't stop
buffer overflow attacks as the "shell code" can just call setuid(0) before
it calls exec....
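
An added example, not part of the original message or of any BSD source: the difference between the temporary drop in the quoted advice and a permanent drop, with a check that the privileged uid can no longer be regained. The function names are hypothetical, and the printed values are only meaningful when the binary is installed setuid; run normally, there is no privileged uid to regain.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporary drop, as in the quoted advice: only the effective uid changes;
 * the saved set-user-ID keeps the privileged uid. */
int drop_temporarily(void) { return seteuid(getuid()); }

/* 1 if the process can still make `priv` its effective uid, else 0.
 * Restores the current effective uid after probing. */
int can_regain(uid_t priv) {
    uid_t cur = geteuid();
    if (priv == getuid()) return 0;      /* not a distinct identity */
    if (cur == priv) return 1;           /* still running privileged */
    if (seteuid(priv) != 0) return 0;    /* saved uid no longer holds priv */
    if (seteuid(cur) != 0) _exit(1);     /* could not restore: stop here */
    return 1;
}

/* Permanent drop. Call while the effective uid is still the privileged one:
 * with euid 0, setuid() sets the real, effective and saved uids together. */
int drop_permanently(void) {
    uid_t ruid = getuid(), priv = geteuid();
    if (setgid(getgid()) != 0) return -1;   /* group first, while still allowed */
    if (setuid(ruid) != 0) return -1;
    if (priv != ruid && seteuid(priv) == 0) return -1;  /* drop did not stick */
    return geteuid() == ruid ? 0 : -1;
}

int main(void) {
    uid_t priv = geteuid();              /* 0 when installed setuid root */
    if (drop_temporarily() != 0) return 1;
    printf("after seteuid(getuid()): can regain = %d\n", can_regain(priv));
    if (seteuid(priv) != 0) return 1;    /* take privilege back for the real drop */
    if (drop_permanently() != 0) return 1;
    printf("after setuid(getuid()):  can regain = %d\n", can_regain(priv));
    return 0;
}
```

A program that never needs its privilege again can call drop_permanently() first thing; one that does need it later keeps the saved uid, and with it the exposure described in the reply above.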