On Thu, Dec 08, 2016 at 09:09:15PM -0500, J William Piggott wrote:
> On 12/07/2016 06:25 AM, Karel Zak wrote:
> > Maybe my patch seems too strict, but change docs is not enough, the
> > code matters. We want to be sure nobody uses hwclock as setuid,
> > especially if man page and code comments promised this non-sense.
>
> I agree that setuid should be removed from the man-page and source
> comments. I do not think the code was a problem; removing it does not
See 687cc5d58942b24a9f4013c68876d8cbea907ab1, it removes many checks.
It wasn't about comments only.
> prevent running it with setuid. It only prevents users from access to
> the benign read only functions of hwclock which they have historically
> had.
I agree that kernel is the place where we need to check permissions,
so I have removed the if (getuid() != 0)
https://github.com/karelzak/util-linux/commit/f4e61504a457395018c02bafcf17d1e3f8644b78
let's hope nobody uses it as setuid.
Karel
--
Karel Zak <kzak@xxxxxxxxxx>
http://karelzak.blogspot.com
--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
