From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@altlinux.org>
Date: Tue, 16 Aug 2005 23:56:29 +0400
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: ALT Devel discussion list <devel@altlinux.org>
Subject: Re: [devel] suid/sgid programs and temporary files
Message-ID: <20050816195629.GB2637@basalt.office.altlinux.org>
Mail-Followup-To: ALT Devel discussion list <devel@altlinux.org>
References: <20050816193136.GT19097@solemn.turbinal.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="qcHopEYAB45HaUaB"
Content-Disposition: inline
In-Reply-To: <20050816193136.GT19097@solemn.turbinal.org>
X-fingerprint: 9658 398D 181B 1200 8FC5  26B8 F6F8 846B C1E2 3429
Cc: 
X-BeenThere: devel@altlinux.ru
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: ALT Devel discussion list <devel@altlinux.ru>
List-Id: ALT Devel discussion list <devel.altlinux.ru>
List-Unsubscribe: <https://lists.altlinux.ru/mailman/listinfo/devel>,
	<mailto:devel-request@altlinux.ru?subject=unsubscribe>
List-Archive: <http://lists.altlinux.ru/pipermail/devel>
List-Post: <mailto:devel@altlinux.ru>
List-Help: <mailto:devel-request@altlinux.ru?subject=help>
List-Subscribe: <https://lists.altlinux.ru/mailman/listinfo/devel>,
	<mailto:devel-request@altlinux.ru?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2005 19:56:30 -0000
Archived-At: <http://lore.altlinux.org/devel/20050816195629.GB2637@basalt.office.altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--qcHopEYAB45HaUaB
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 16, 2005 at 11:31:36PM +0400, Alexey Tourbin wrote:
> =F7 /usr/lib/perl5/File/Temp.pm =C5=D3=D4=D8 =C6=D5=CE=CB=C3=C9=D1 =D0=D2=
=CF=D7=C5=D2=CB=C9 =D7=D2=C5=CD=C5=CE=CE=CF=C7=CF =CB=C1=D4=C1=CC=CF=C7=C1,
> =D7 =CB=CF=D4=CF=D2=CF=CD =C2=D5=C4=D5=D4 =D3=CF=DA=C4=C1=CE=D9 =D7=D2=C5=
=CD=C5=CE=CE=D9=C5 =C6=C1=CA=CC=D9.
>=20
>    649  # internal routine to check to see if the directory is safe
>    650  # First checks to see if the directory is not owned by the
>    651  # current user or root. Then checks to see if anyone else
>    652  # can write to the directory and if so, checks to see if
>    653  # it has the sticky bit set
[...]
> =F5=D3=CC=CF=D7=C9=D1 =D0=CF=C4=DE=C5=D2=CB=CE=D5=D4=CF=CA =D0=D2=CF=D7=
=C5=D2=CB=C9 =CD=CF=D6=CE=CF =D0=C5=D2=C5=D7=C5=D3=D4=C9 =D0=D2=C9=CD=C5=D2=
=CE=CF =CB=C1=CB
> 	st.st_uid > 10 && st.st_uid !=3D getuid()
>=20
> =F7=CF=D0=D2=CF=D3: =C8=CF=D2=CF=DB=CF =CC=C9, =DE=D4=CF =DA=C4=C5=D3=D8 =
=C9=D3=D0=CF=CC=D8=DA=D5=C5=D4=D3=D1 real uid?  =EE=C5 =CC=D5=DE=DB=C5 =CC=
=C9
> =D0=D2=CF=D7=C5=D2=D1=D4=D8 effective uid?=20

=FC=D4=CF =DA=C1=D7=C9=D3=C9=D4 =CF=D4 =D3=C5=CD=C1=CE=D4=C9=CB=C9 =CD=CF=
=C4=D5=CC=D1.
=E4=D2=D5=C7=C9=CD=C9 =D3=CC=CF=D7=C1=CD=C9, =C4=CC=D1 =DE=C5=C7=CF =CF=CE =
=D0=D2=C5=C4=CE=C1=DA=CE=C1=DE=C5=CE.
=F0=D2=C9 =D4=CF=CA =C9=CE=C6=CF=D2=CD=C1=C3=C9=C9, =DE=D4=CF =D3=CF=C4=C5=
=D2=D6=C9=D4=D3=D1 =D7 =CB=CF=CD=CD=C5=CE=D4=C1=D2=C9=C9, =D5 =CD=C5=CE=D1 =
=D3=CB=CC=C1=C4=D9=D7=C1=C5=D4=D3=D1
=CF=DD=D5=DD=C5=CE=C9=C5, =DE=D4=CF =D0=D2=CF=D7=C5=D2=D1=D4=D8 effective u=
id =C2=D9=CC=CF =C2=D9 =CC=CF=C7=C9=DE=CE=C5=C5.


--=20
ldv

--qcHopEYAB45HaUaB
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFDAkTt9viEa8HiNCkRAkh+AJ9kNiuD+YDkZZ3thWpbjW+ys96uzgCeNyZn
1nkSkDfukOVttmXggDkL3uQ=
=1THT
-----END PGP SIGNATURE-----

--qcHopEYAB45HaUaB--