48ad7e3a7a
"A security issue has been reported in Heimdal, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled rcp application. This may be exploited to perform certain actions with root privileges if the "setuid()" call fails due to e.g. resource limits." http://secunia.com/advisories/21436/ http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ Bump PKGREVISION.
16 lines
430 B
Text
16 lines
430 B
Text
$NetBSD: patch-aq,v 1.1 2006/08/09 17:58:09 salo Exp $
|
|
|
|
Security fix for SA21436.
|
|
|
|
--- lib/roken/iruserok.c.orig 2005-04-12 13:28:54.000000000 +0200
|
|
+++ lib/roken/iruserok.c 2006-08-09 19:42:15.000000000 +0200
|
|
@@ -250,7 +250,8 @@ again:
|
|
* are protected read/write owner only.
|
|
*/
|
|
uid = geteuid();
|
|
- seteuid(pwd->pw_uid);
|
|
+ if (seteuid(pwd->pw_uid) < 0)
|
|
+ return (-1);
|
|
hostf = fopen(pbuf, "r");
|
|
seteuid(uid);
|
|
|