security review and patches for libpurple

Dan Auerbach dtauerbach at
Thu Aug 11 20:33:56 EDT 2011

On 08/11/2011 09:04 AM, Ethan Blanton wrote:
> Ethan Blanton spake unto us the following wisdom:
>> I have rejected the following patches for rejection, further review,
>> and/or correction:
> Missed one:
> * bonjour-geteuid.diff
>    I think this is just wrong.  It looks to me like we *want* euid, not
>    uid.  I can't think of any reason to setuid Pidgin in the first
>    place, but if we do, it seems like the euid is probably who you want
>    to be running Pidgin.  I don't know.  It's not clear to me how this
>    should be changed either way.
> Ethan
I believe this patch replaces uid with euid.

More information about the security mailing list