diff options
author | Orion Poplawski <orion@cora.nwra.com> | 2015-02-13 13:32:17 +0100 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-13 13:32:17 +0100 |
commit | 415b20b6fbf562d4132fca90a00b6c32d94040ed (patch) | |
tree | af19b2e816b60b3d56ea9c9d69d6cc61c78d8e45 /nx-X11 | |
parent | 456f887d95ca34974c1192a477dfca117827457f (diff) | |
download | nx-libs-415b20b6fbf562d4132fca90a00b6c32d94040ed.tar.gz nx-libs-415b20b6fbf562d4132fca90a00b6c32d94040ed.tar.bz2 nx-libs-415b20b6fbf562d4132fca90a00b6c32d94040ed.zip |
Be compliant with POS36-C: Observe correct revocation order while relinquishing privileges (602_nx-X11_initgroups.full.patch).
The Fedora review of NX (redistributed) caught the following rpmlint issue:
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this mean it didn't relinquish all groups, and this
would be a potential security issue to be fixed. Seek POS36-C on the web for
details about the problem.
Ref POS36-C:
https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
This patch adds initgroups() calls to the code to initialize the supplemental group list.
Diffstat (limited to 'nx-X11')
-rw-r--r-- | nx-X11/programs/Xserver/os/utils.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/nx-X11/programs/Xserver/os/utils.c b/nx-X11/programs/Xserver/os/utils.c index 7e626542e..9b2431af7 100644 --- a/nx-X11/programs/Xserver/os/utils.c +++ b/nx-X11/programs/Xserver/os/utils.c @@ -112,6 +112,9 @@ OR PERFORMANCE OF THIS SOFTWARE. #include <sys/stat.h> #include <ctype.h> /* for isspace */ #include <stdarg.h> +#include <sys/types.h> +#include <grp.h> +#include <pwd.h> #if defined(DGUX) #include <sys/resource.h> @@ -1770,6 +1773,7 @@ System(char *command) void (*csig)(int); #endif int status; + struct passwd *pwent; if (!command) return(1); @@ -1791,6 +1795,9 @@ System(char *command) case -1: /* error */ p = -1; case 0: /* child */ + pwent = getpwuid(getuid()); + if (initgroups(pwent->pw_name,getgid()) == -1) + _exit(127); if (setgid(getgid()) == -1) _exit(127); if (setuid(getuid()) == -1) |