netbsd-bugs: Re: bin/33479

Subject: Re: bin/33479
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,>
From: Michael van Elst <mlelstv@henery.1st.de>
List: netbsd-bugs
Date: 05/14/2006 10:00:05

The following reply was made to PR bin/33479; it has been noted by GNATS.

From: Michael van Elst <mlelstv@henery.1st.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/33479
Date: Sun, 14 May 2006 11:55:07 +0200

 The problem is limited to the PAM version of su. The non-PAM
 version restores the priority before running a command.

 This also shows that only the execution of su itself but not
 the command should run at the elevated priority.

 The patch does the same for the PAM version. However the setusercontext()
 function is already running at the restored priority as it could 
 change the priority itself and there is no simple way to find out.

 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."