From 415b20b6fbf562d4132fca90a00b6c32d94040ed Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 13 Feb 2015 13:32:17 +0100 Subject: Be compliant with POS36-C: Observe correct revocation order while relinquishing privileges (602_nx-X11_initgroups.full.patch). The Fedora review of NX (redistributed) caught the following rpmlint issue: This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. Ref POS36-C: https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges This patch adds initgroups() calls to the code to initialize the supplemental group list. --- nx-X11/programs/Xserver/os/utils.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'nx-X11/programs/Xserver/os') diff --git a/nx-X11/programs/Xserver/os/utils.c b/nx-X11/programs/Xserver/os/utils.c index 7e626542e..9b2431af7 100644 --- a/nx-X11/programs/Xserver/os/utils.c +++ b/nx-X11/programs/Xserver/os/utils.c @@ -112,6 +112,9 @@ OR PERFORMANCE OF THIS SOFTWARE. #include #include /* for isspace */ #include +#include +#include +#include #if defined(DGUX) #include @@ -1770,6 +1773,7 @@ System(char *command) void (*csig)(int); #endif int status; + struct passwd *pwent; if (!command) return(1); @@ -1791,6 +1795,9 @@ System(char *command) case -1: /* error */ p = -1; case 0: /* child */ + pwent = getpwuid(getuid()); + if (initgroups(pwent->pw_name,getgid()) == -1) + _exit(127); if (setgid(getgid()) == -1) _exit(127); if (setuid(getuid()) == -1) -- cgit v1.2.3