oss-sec mailing list archives
Re: Security release for mod_wsgi (version 3.5)
From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 17 Jun 2014 11:43:52 -0700
On Tue, Jun 17, 2014 at 10:39:49PM +1000, Graham Dumpleton wrote:
On MacOS X at least, it [setgid] really doesn't care what you give it. You can give it negative numbers or even really large numbers and it will happily set it to the value. I can't find any good information on what Linux would do and can't test it right now.
On Linux, since 2.4 times, all representable values in gid_t are legal group ids: http://manpages.ubuntu.com/manpages/trusty/en/man2/setgid.2.html Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Security release for mod_wsgi (version 3.5) Kurt Seifried (May 21)
- Re: Security release for mod_wsgi (version 3.5) Tomas Hoger (Jun 17)
- Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 17)
- Re: Security release for mod_wsgi (version 3.5) Tomas Hoger (Jun 17)
- Re: Security release for mod_wsgi (version 3.5) Seth Arnold (Jun 17)
- Re: Security release for mod_wsgi (version 3.5) Matthew Daley (Jun 18)
- Re: Security release for mod_wsgi (version 3.5) Solar Designer (Jun 18)
- Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 18)
- Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 18)
- CVE request: mod_wsgi group privilege dropping [was Re: [oss-security] Security release for mod_wsgi (version 3.5)] Murray McAllister (Jun 18)
- Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 17)
- Re: Security release for mod_wsgi (version 3.5) Tomas Hoger (Jun 17)