On Thu, 14 Feb 2002, Florian Laws wrote:
> from the manual that Exim does indeed give up root privileges when a
> nonprivileged caller specifies -C, but does it do so before the crash
> occurs?
setgroups32(0, 0) = -1 EPERM (Operation not permitted)
setgroups32(0x1, 0xbfff7b84) = -1 EPERM (Operation not permitted)
setgid32(0x3e8) = 0
setuid32(0x3e8) = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
0x3e8 is the caller user's uid and gid. these calls do seem to succeed
before the crash. ok, granted, i don't know much about exploiting
buffer overruns, so this may just as well be a false confirmation.
--
[-]
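
The check made by eye in the message above, as an added example that is not part of the original message or of Exim: a small Python parser that reads strace output and reports whether successful setuid/setgid calls to a non-root id appear before the crashing signal. The function name, the result keys and the list of crash signals are assumptions of this example; the sample is constructed from the trace lines quoted above.

```python
import re

# Constructed sample: the strace lines quoted in the message above.
SAMPLE = """\
setgroups32(0, 0) = -1 EPERM (Operation not permitted)
setgroups32(0x1, 0xbfff7b84) = -1 EPERM (Operation not permitted)
setgid32(0x3e8) = 0
setuid32(0x3e8) = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
"""

# "name(args) = ret [ERRNO ...]", with an optional leading pid (strace -f).
CALL = re.compile(r"^(?:\d+\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+(E[A-Z]+))?")
SIGNAL = re.compile(r"^(?:\d+\s+)?--- (SIG[A-Z0-9]+)")
CRASH_SIGNALS = {"SIGSEGV", "SIGBUS", "SIGILL", "SIGABRT", "SIGFPE"}  # assumed set

def analyze(trace):
    """Summarize credential syscalls seen before the first crash signal."""
    r = {"uid": None, "gid": None, "setgroups_eperm": False, "signal": None}
    for line in trace.splitlines():
        line = line.strip()
        sig = SIGNAL.match(line)
        if sig and sig.group(1) in CRASH_SIGNALS:
            r["signal"] = sig.group(1)
            break  # anything after this point did not precede the crash
        m = CALL.match(line)
        if not m:
            continue
        name, args, ret, errno = m.groups()
        base = name[:-2] if name.endswith("32") else name  # setuid32 -> setuid
        if base in ("setuid", "setgid") and ret == "0":
            # base 0 accepts both 0x3e8 (older strace) and 1000 (newer strace)
            r[base[3:]] = int(args.split(",")[0].strip(), 0)
        elif base == "setgroups" and errno == "EPERM":
            # EPERM here means the process lacked CAP_SETGID at that moment
            r["setgroups_eperm"] = True
    r["dropped_before_signal"] = (
        r["signal"] is not None
        and r["uid"] not in (None, 0)
        and r["gid"] not in (None, 0)
    )
    return r

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

When `setgroups_eperm` is true, the process already lacked CAP_SETGID before the uid change, which is what happens when an unprivileged user starts a set-user-ID binary under strace and the set-user-ID bit is ignored; a trace taken that way shows the order of the calls, not a drop from root.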