[cs631apue] getprogname restriction

Aubhik Mazumdar amazumda at stevens.edu
Sat Sep 29 20:51:44 EDT 2018


Hello all,

While reading the man page for getprogname(3) on NetBSD, I came across a
restriction

RESTRICTIONS

The string returned by getprogname() is supplied by the invoking process and
should not be trusted by setuid or setgid programs.

I don't understand how it could be exploited in a program using setuid or
setgid. Does anyone have an idea?

Thanks,
Aubhik Mazumdar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs631apue/attachments/20180929/022ab3fc/attachment.html>


More information about the cs631apue mailing list