Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 88621 Details for
Bug 135970
kde-base/arts Unchecked set*uid() calls (CVE-2006-2916)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
arts-3.5.3.diff
arts-3.5.3.diff (text/plain), 946 bytes, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2006-06-07 12:23:50 UTC
(
hide
)
Description:
arts-3.5.3.diff
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2006-06-07 12:23:50 UTC
Size:
946 bytes
patch
obsolete
>Index: soundserver/artswrapper.c >=================================================================== >--- soundserver/artswrapper.c (revision 546970) >+++ soundserver/artswrapper.c (working copy) >@@ -95,6 +95,10 @@ int main(int argc, char **argv) > #else > setreuid(-1, getuid()); > #endif >+ if (geteuid() != getuid()) { >+ perror("setuid()"); >+ return 2; >+ } > } > > if(argc == 0) >Index: soundserver/crashhandler.cc >=================================================================== >--- soundserver/crashhandler.cc (revision 546970) >+++ soundserver/crashhandler.cc (working copy) >@@ -196,7 +196,12 @@ CrashHandler::defaultCrashHandler (int s > argv[i++] = NULL; > > setgid(getgid()); >- setuid(getuid()); >+ if (getuid() != geteuid()) >+ setuid(getuid()); >+ if (getuid() != geteuid()) { >+ perror("setuid()"); >+ exit(255); >+ } > > execvp(crashApp, argv); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=88621">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 135970
: 88621
