Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!clyde!cbosgd!mandrill!hal!ncoast!allbery From: allbery@ncoast.UUCP Newsgroups: comp.unix.wizards Subject: Re: Setting process groups Message-ID: <6305@ncoast.UUCP> Date: Mon, 30-Nov-87 22:21:01 EST Article-I.D.: ncoast.6305 Posted: Mon Nov 30 22:21:01 1987 Date-Received: Fri, 4-Dec-87 01:21:26 EST References: <1765@unc.cs.unc.edu> <910@mcgill-vision.UUCP> <1261@saturn.ucsc.edu> Reply-To: allbery@ncoast.UUCP (Brandon Allbery) Followup-To: comp.unix.wizards Organization: Cleveland Public Access UN*X, Cleveland, Oh Lines: 19 As quoted from <1261@saturn.ucsc.edu> by haynes@ucscc.UCSC.EDU.ucsc.edu (99700000): +--------------- | Incidentally, there's a security hole connected with setpgrp() | in that the system doesn't check whether the pgrp number you | proffer is already in use by somebody else. So with a little | cleverness you can attach to the pgrp of someone else's process | and proceed to kill it. +--------------- ...which is why System V won't let you set the pgrp to anything other than your pid. Wonderful idea, by the way -- don't you get a warm glow from having posted an easily-exploited security hole to the Net? Please be more circumspect next time. -- Brandon S. Allbery necntc!ncoast!allbery@harvard.harvard.edu {hoptoad,harvard!necntc,cbosgd,sun!mandrill!hal,uunet!hnsurg3}!ncoast!allbery Moderator of comp.sources.misc