[cs631apue] getprogname restriction
Aubhik Mazumdar
amazumda at stevens.edu
Sat Sep 29 20:51:44 EDT 2018
Hello all,
While reading the man page for getprogname(3) on NetBSD, I came across a
restriction
RESTRICTIONS
The string returned by getprogname() is supplied by the invoking process and
should not be trusted by setuid or setgid programs.
I don't understand how it could be exploited in a program using setuid or
setgid. Does anyone have an idea?
Thanks,
Aubhik Mazumdar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs631apue/attachments/20180929/022ab3fc/attachment.html>
More information about the cs631apue
mailing list