BIND 10 #268: review: setuid via -u on b10-auth
BIND 10 Development
do-not-reply at isc.org
Mon Aug 9 21:27:55 UTC 2010
#268: review: setuid via -u on b10-auth
------------------------------+---------------------------------------------
Reporter: shane | Owner: jelte
Type: enhancement | Status: reviewing
Priority: major | Milestone: 06. 4th Incremental Release
Component: b10-auth | Resolution:
Keywords: | Sensitive: 0
Estimatedhours: 0.0 | Hours: 0
Billable: 1 | Totalhours: 1.0
Internal: 0 |
------------------------------+---------------------------------------------
Comment(by jinmei):
Replying to [comment:14 jelte]:
> Well the old trick for getting a second superuser account is to set its
uid to 0. Don't know if it's in the standards (i suspect they left
specifying that out on purpose), and I *think* that having a second uid=0
account and then asking for its username will return root again, so in
practice I don't think it really matters, but i believe that that is the
check the system actually makes (unless there are capabilities or other
such modern nonsense)
>
I've changed the check to uid==0 (r2670).
I've googled on whether it's specified in some standard or just a
convention, but couldn't find an answer. But at least uid==0 wouldn't be
worse than username="root", and probably a bit more portable.
Is it now okay to merge?
--
Ticket URL: <https://bind10.isc.org/ticket/268#comment:15>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list