[Bug 969209] Review Request: nx-libs - NX X11 protocol compression libraries

21 Jul 2013


      https://bugzilla.redhat.com/show_bug.cgi?id=969209
Christopher Meng cickumqt@gmail.com changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cickumqt@gmail.com
--- Comment #9 from Christopher Meng cickumqt@gmail.com ---
I think Orion knows that error of missing-call-to-setgroups.
missing-call-to-setgroups has been renamed to
missing-call-to-setgroups-before-setuid.
This will be available in the next version.
And the explanation is:
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this mean it didn't relinquish all groups, and this
would be a potential security issue to be fixed. Seek POS36-C on the web for
details about the problem.
Ref POS36-C:
https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observ...
-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=XTvW005SFR&a=cc_unsubscribe

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Bug 969209] Review Request: nx-libs - NX X11 protocol compression libraries