security review and patches for libpurple
mark at kingant.net
Tue Aug 16 02:24:27 EDT 2011
On Thu, Aug 11, 2011 at 8:08 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Dan Auerbach spake unto us the following wisdom:
>> >* bonjour-geteuid.diff
>> > I think this is just wrong. It looks to me like we *want* euid, not
>> > uid. I can't think of any reason to setuid Pidgin in the first
>> > place, but if we do, it seems like the euid is probably who you want
>> > to be running Pidgin. I don't know. It's not clear to me how this
>> > should be changed either way.
>> I believe this patch replaces uid with euid.
> It does. This just goes to show you how nonsensical the difference is
> between getuid and geteuid in this case. When I rejected the patch, I
> was convinced that getuid was correct and geteuid was wrong, and all I
> remembered was that the patch was wrong. This time I thought it did
> the opposite, and still convinced myself the patch was wrong.
> I think the bottom line is that setuid Pidgin is just broken, so it
> isn't clear whether you'd want uid or euid. :-) I guess I have no
> feelings about this patch's correctness either way, because I think
> the difference is moot.
I think uid is better. The function is just trying to get some form
of friendly name to use for yourself on your local network. I can't
imagine why someone would setuid their Pidgin binary, but if they do I
think it makes more sense to use the name of the user calling the
binary and NOT the name of the owner of the binary.
Unless there is some reason to use the euid that no one has mentioned yet?
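The distinction debated in this thread, as an added example that is not part of the original message and is not libpurple's code: under setuid the real uid identifies the user who started the program, while the effective uid identifies the owner of the binary. The helper names `name_for_uid` and `ids_differ` are hypothetical, and the login name stands in for whatever friendly name the plugin derives.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: copy the login name for `uid` into `out`.
 * Returns 0 when a passwd entry was found, 1 when it fell back to a
 * numeric "uid-N" label, and -1 when `out` is too small. */
int name_for_uid(uid_t uid, char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    int n;

    if (getpwuid_r(uid, &pw, buf, sizeof buf, &res) == 0 && res != NULL) {
        n = snprintf(out, outlen, "%s", res->pw_name);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    }
    /* No passwd entry (or lookup error): still produce a usable label. */
    n = snprintf(out, outlen, "uid-%lu", (unsigned long)uid);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
}

/* Nonzero when the invoking user and the effective user differ,
 * which is the case for a setuid binary run by someone else. */
int ids_differ(void)
{
    return getuid() != geteuid();
}

int main(void)
{
    char real[256], eff[256];

    name_for_uid(getuid(), real, sizeof real);
    name_for_uid(geteuid(), eff, sizeof eff);
    printf("real uid      %lu -> %s (user who started the program)\n",
           (unsigned long)getuid(), real);
    printf("effective uid %lu -> %s (binary owner when setuid)\n",
           (unsigned long)geteuid(), eff);
    if (ids_differ())
        puts("running setuid: the two lookups name different users");
    return 0;
}
```

Run normally, both lines name the same user; the two only diverge when the binary is setuid and started by someone other than its owner.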