bb3e8f5e8d
"A security issue has been reported in Kerberos, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled krshd and v4rcp applications. This can be exploited to disclose or manipulate the contents of arbitrary files or execute arbitrary code with root privileges if the "setuid()" call fails due to e.g. resource limits." http://secunia.com/advisories/21402/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt Bump PKGREVISION.
24 lines
707 B
Text
24 lines
707 B
Text
$NetBSD: patch-aq,v 1.1 2006/08/09 17:31:10 salo Exp $
|
|
|
|
Security fix for SA21402.
|
|
|
|
--- appl/bsd/krshd.c.orig 2005-04-07 23:17:25.000000000 +0200
|
|
+++ appl/bsd/krshd.c 2006-08-09 18:52:53.000000000 +0200
|
|
@@ -1379,9 +1379,15 @@ void doit(f, fromp)
|
|
* If we're on a system which keeps track of login uids, then
|
|
* set the login uid.
|
|
*/
|
|
- setluid((uid_t) pwd->pw_uid);
|
|
+ if (setluid((uid_t) pwd->pw_uid) < 0) {
|
|
+ perror("setluid");
|
|
+ _exit(1);
|
|
+ }
|
|
#endif /* HAVE_SETLUID */
|
|
- (void) setuid((uid_t)pwd->pw_uid);
|
|
+ if (setuid((uid_t)pwd->pw_uid) < 0) {
|
|
+ perror("setuid");
|
|
+ _exit(1);
|
|
+ }
|
|
/* if TZ is set in the parent, drag it in */
|
|
{
|
|
char **findtz = environ;
|