security review and patches for libpurple
Dan Auerbach
dtauerbach at eff.org
Thu Aug 11 20:33:56 EDT 2011
On 08/11/2011 09:04 AM, Ethan Blanton wrote:
> Ethan Blanton spake unto us the following wisdom:
>> I have rejected the following patches for rejection, further review,
>> and/or correction:
> Missed one:
>
> * bonjour-geteuid.diff
>
> I think this is just wrong. It looks to me like we *want* euid, not
> uid. I can't think of any reason to setuid Pidgin in the first
> place, but if we do, it seems like the euid is probably who you want
> to be running Pidgin. I don't know. It's not clear to me how this
> should be changed either way.
>
> Ethan
>
I believe this patch replaces uid with euid.