Board: FB_security
Subject: Opinion on checking return value of setuid(getuid())?
Origin: NCTU CS FreeBSD Server (Mon Oct 1 20:31:21 2012)
Relay path: ptt!csnews.cs.nctu!news.cs.nctu!FreeBSD.cs.nctu!freebsd.org!owner-free

I'm looking through the clang analyzer reports and found this one: http://scan.freebsd.your.org/freebsd-head/sbin.ping/2012-09-30-amd64/report-R9ZgC6.html#EndPath

It's complaining that, if setuid() fails for some reason, the process will continue with root privileges because the process is suid root.

At first glance, it seems unnecessary to check the return value of "setuid(getuid())" since the user should always be able to drop privileges to itself. So I filed this bug with LLVM: http://llvm.org/bugs/show_bug.cgi?id=13979

It turns out that setuid() *may* fail if the user hits its process limit. Apparently FreeBSD doesn't check the limit in the specific setuid(getuid()) case (I can't find the code anywhere right now) so this is not an issue, but Linux does. However, if FreeBSD decides to change the setuid() implementation at some point, the issue may surface again.

A simple fix would be something like:
Index: /freebsd/repos/head_scratch/src/sbin/ping/ping.c
===================================================================
--- /freebsd/repos/head_scratch/src/sbin/ping/ping.c (revision 240960)
+++ /freebsd/repos/head_scratch/src/sbin/ping/ping.c (working copy)
@@ -255,7 +255,8 @@
s =3D socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
sockerrno =3D errno;
=20
- setuid(getuid());
+ if (setuid(getuid()) !=3D 0)
+ err(EX_NOPERM, "setuid() failed");
uid =3D getuid();
=20
alarmtimeout =3D df =3D preload =3D tos =3D 0;
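Review bot: the new `if (setuid(getuid()) != 0)` check trusts the return value alone; as defense in depth, confirm the drop actually took effect before continuing, e.g. `if (geteuid() != getuid()) err(EX_OSERR, "privileges not dropped");` right after the call. Also consider EX_OSERR instead of EX_NOPERM for the exit status, since the failure mode described in the post (the target uid at its process limit) is a resource error rather than a permission one; err() already appends strerror(errno), so the reason will be in the message either way.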

There's an alternative approach for NetBSD with a patch to kern_exec.c here: http://mail-index.netbsd.org/tech-security/2008/01/12/msg000026.html but I have no idea if this applies to FreeBSD.

I'd like an opinion on which way to go before filing PRs because we have around 200 of these warnings in the FreeBSD repo.

Thanks,
Erik

_______________________________________________
freebsd-security mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
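A defensive version of the check discussed in the post, as an added example that is not from the original message or from FreeBSD's ping: it drops privileges to the real uid, checks the return value of setuid(), and then verifies that the drop took effect and cannot be undone before the program goes on. The function name drop_privileges() is an assumption, not something from the page.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Drop any set-user-ID privilege permanently and verify that it is gone.
 * Returns 0 on success, -1 on failure with errno set; the caller decides
 * how to fail (the ping patch calls err(EX_NOPERM, ...)).
 */
int drop_privileges(void)
{
    uid_t real = getuid();

    /* setuid() can fail (for example with EAGAIN when the target uid is at
     * its process limit on some kernels), so the return value is checked
     * instead of assumed. */
    if (setuid(real) != 0)
        return -1;

    /* Verify the drop: both the real and effective uid must now be the
     * real uid. A mismatch is a failure even though setuid() returned 0. */
    if (getuid() != real || geteuid() != real) {
        errno = EPERM;
        return -1;
    }

    /* If we started as set-uid root, regaining root must now be impossible
     * (the saved set-user-ID was replaced too). When real is 0 nothing was
     * dropped, so the probe is skipped. */
    if (real != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_privileges() != 0) {
        fprintf(stderr, "setuid() failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid %u, euid %u\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```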