Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 91097 Details for
Bug 139477
net-dialup/ppp setuid() issue (CVE-2006-2194)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
winbind-drop-privs.patch
winbind-drop-privs.patch (text/plain), 614 bytes, created by
Alin Năstac (RETIRED)
on 2006-07-07 00:11:48 UTC
(
hide
)
Description:
winbind-drop-privs.patch
Filename:
MIME Type:
Creator:
Alin Năstac (RETIRED)
Created:
2006-07-07 00:11:48 UTC
Size:
614 bytes
patch
obsolete
>diff -Nru ppp-2.4.3.orig/pppd/plugins/winbind.c ppp-2.4.3/pppd/plugins/winbind.c >--- ppp-2.4.3.orig/pppd/plugins/winbind.c 2006-05-09 14:39:49.000000000 +0300 >+++ ppp-2.4.3/pppd/plugins/winbind.c 2006-07-07 10:09:10.000000000 +0300 >@@ -300,8 +300,10 @@ > close(child_in[1]); > > /* run winbind as the user that invoked pppd */ >- setgid(getgid()); >- setuid(getuid()); >+ if (setgid(getgid()) < 0 || setuid(getuid()) < 0) { >+ perror("pppd/winbind: failed to drop privileges"); >+ exit(1); >+ } > execl("/bin/sh", "sh", "-c", ntlm_auth, NULL); > perror("pppd/winbind: could not exec /bin/sh"); > exit(1);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=91097">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 139477
: 91097
