rpms/zabbix/EL-4 zabbix-1.4.2-initgroups.patch, NONE, 1.1 zabbix.spec, 1.13, 1.14
Dan Horak (sharkcz)
fedora-extras-commits at redhat.com
Sat Dec 1 09:12:09 UTC 2007
- Previous message: rpms/zabbix/FC-6 zabbix-1.4.2-initgroups.patch, NONE, 1.1 zabbix.spec, 1.10, 1.11
- Next message: rpms/pinot/F-8 .cvsignore, 1.4, 1.5 pinot.spec, 1.14, 1.15 sources, 1.4, 1.5 configure-ssl-curl-libs.patch, 1.1, NONE dbusxapianindex_reload03.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: sharkcz
Update of /cvs/pkgs/rpms/zabbix/EL-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv351
Modified Files:
zabbix.spec
Added Files:
zabbix-1.4.2-initgroups.patch
Log Message:
* Sat Dec 01 2007 Dan Horak <dan[at]danny.cz> 1.4.2-4
- add security fix (#407181)
zabbix-1.4.2-initgroups.patch:
--- NEW FILE zabbix-1.4.2-initgroups.patch ---
--- /home/abi/zabbix-1.4.2/src/libs/zbxnix/daemon.c 2007-08-20 21:22:22.000000000 +0200
+++ zabbix-1.4.2/src/libs/zbxnix/daemon.c 2007-11-25 15:53:31.890046746 +0100
@@ -90,20 +90,33 @@
pid_t pid;
struct passwd *pwd;
struct sigaction phan;
+ char user[7] = "zabbix";
/* running as root ?*/
if((0 == allow_root) && (0 == getuid() || 0 == getgid()))
{
- pwd = getpwnam("zabbix");
+ pwd = getpwnam(user);
if (NULL == pwd)
{
zbx_error("User zabbix does not exist.");
zbx_error("Cannot run as root !");
exit(FAIL);
}
- if( (setgid(pwd->pw_gid) ==-1) || (setuid(pwd->pw_uid) == -1) )
+ if( (setgid(pwd->pw_gid) ==-1) )
{
- zbx_error("Cannot setgid or setuid to zabbix [%s].", strerror(errno));
+ zbx_error("Cannot setgid to zabbix [%s].", strerror(errno));
+ exit(FAIL);
+ }
+
+ if( (initgroups(user, pwd->pw_gid) == -1) )
+ {
+ zbx_error("Cannot initgroups to zabbix [%s].", strerror(errno));
+ exit(FAIL);
+ }
+
+ if( (setuid(pwd->pw_uid) ==-1) )
+ {
+ zbx_error("Cannot setuid to zabbix [%s].", strerror(errno));
exit(FAIL);
}
Index: zabbix.spec
===================================================================
RCS file: /cvs/pkgs/rpms/zabbix/EL-4/zabbix.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- zabbix.spec 20 Sep 2007 15:46:55 -0000 1.13
+++ zabbix.spec 1 Dec 2007 09:11:36 -0000 1.14
@@ -1,6 +1,6 @@
Name: zabbix
Version: 1.4.2
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Open-source monitoring solution for your IT infrastructure
Group: Applications/Internet
@@ -14,6 +14,7 @@
Patch0: zabbix-1.4.2-netsnmp-x86_64.patch
Patch1: zabbix-1.4.2-include.patch
Patch2: zabbix-1.4.2-cpustats.patch
+Patch3: zabbix-1.4.2-initgroups.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%define database mysql
@@ -85,6 +86,7 @@
%endif
%patch1 -p1 -b .include
%patch2 -p1 -b .cpustats
+%patch3 -p1 -b .initgroups
# shuffle sql init files around to fix up install
mkdir -p dbinit/{schema,data}
@@ -256,6 +258,9 @@
%{_datadir}/%{name}/js/*
%changelog
+* Sat Dec 01 2007 Dan Horak <dan[at]danny.cz> 1.4.2-4
+- add security fix (#407181)
+
* Thu Sep 20 2007 Dan Horak <dan[at]danny.cz> 1.4.2-3
- Fix paths (%%_bindir -> %%_sbindir) in init scripts (#297061)
- Add a patch to clean a warning during compile
- Previous message: rpms/zabbix/FC-6 zabbix-1.4.2-initgroups.patch, NONE, 1.1 zabbix.spec, 1.10, 1.11
- Next message: rpms/pinot/F-8 .cvsignore, 1.4, 1.5 pinot.spec, 1.14, 1.15 sources, 1.4, 1.5 configure-ssl-curl-libs.patch, 1.1, NONE dbusxapianindex_reload03.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list