[arpwatch/f16] fix supplementary group list (#825328) (CVE-2012-2653)

aledvink aledvink at fedoraproject.org
Thu May 31 23:33:27 UTC 2012


commit 3c2b488ea1ca387e954b6f98f4445431022396f1
Author: Ales Ledvinka <aledvink at redhat.com>
Date:   Thu May 31 17:57:54 2012 +0200

    fix supplementary group list (#825328) (CVE-2012-2653)

 arpwatch-2.1a15-dropgroup.patch |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)
---
diff --git a/arpwatch-2.1a15-dropgroup.patch b/arpwatch-2.1a15-dropgroup.patch
new file mode 100644
index 0000000..b6a25f8
--- /dev/null
+++ b/arpwatch-2.1a15-dropgroup.patch
@@ -0,0 +1,12 @@
+diff -up arpwatch-2.1a15/arpwatch.c.dropgroup arpwatch-2.1a15/arpwatch.c
+--- arpwatch-2.1a15/arpwatch.c.dropgroup	2012-05-31 11:47:13.327901902 +0200
++++ arpwatch-2.1a15/arpwatch.c	2012-05-31 11:48:04.859900061 +0200
+@@ -147,7 +147,7 @@ void dropprivileges(const char* user)
+ 	struct passwd* pw;
+ 	pw = getpwnam( user );
+ 	if ( pw ) {
+-		if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
++		if ( setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
+ 				 setuid(pw->pw_uid) != 0 ) {
+ 			syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
+ 						 pw->pw_uid, pw->pw_gid);
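Review bot: The rewritten condition `setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||` empties the supplementary group list rather than initialising it, so any group membership configured for the account beyond `pw_gid` is no longer applied after the drop, and nothing in the code says this is deliberate. If it is, a comment above the `if` would record it, for example `/* clear every inherited supplementary group; only pw_gid is kept */`. If the account's own groups are wanted instead, `initgroups(pw->pw_name, pw->pw_gid)` passes the primary gid where the old call passed `NULL`. The three calls share one short-circuit chain, so the `syslog` line cannot tell an operator which step failed; appending `strerror(errno)` to that message would make a failed drop easier to diagnose. `dropprivileges()` continues past the end of the hunk, so what the failure path does after logging is not visible here.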

