1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
Description: Be compliant with POS36-C: Observe correct revocation order while relinquishing privileges
Author: Orion Poplawski <orion@cora.nwra.com>
Abstract:
The Fedora review of NX (redistributed) caught the following rpmlint issue:
.
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this mean it didn't relinquish all groups, and this
would be a potential security issue to be fixed. Seek POS36-C on the web for
details about the problem.
.
Ref POS36-C:
https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
.
This patch adds initgroups() calls to the code to initialize the supplemental group list.
--- a/nx-X11/programs/Xserver/os/utils.c
+++ b/nx-X11/programs/Xserver/os/utils.c
@@ -112,6 +112,9 @@ OR PERFORMANCE OF THIS SOFTWARE.
#include <sys/stat.h>
#include <ctype.h> /* for isspace */
#include <stdarg.h>
+#include <sys/types.h>
+#include <grp.h>
+#include <pwd.h>
#if defined(DGUX)
#include <sys/resource.h>
@@ -1770,6 +1773,7 @@ System(char *command)
void (*csig)(int);
#endif
int status;
+ struct passwd *pwent;
if (!command)
return(1);
@@ -1791,6 +1795,9 @@ System(char *command)
case -1: /* error */
p = -1;
case 0: /* child */
+ pwent = getpwuid(getuid());
+ if (initgroups(pwent->pw_name,getgid()) == -1)
+ _exit(127);
if (setgid(getgid()) == -1)
_exit(127);
if (setuid(getuid()) == -1)
--- a/nxcomp/Pipe.cpp
+++ b/nxcomp/Pipe.cpp
@@ -21,6 +21,7 @@
#include <pwd.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <grp.h>
#include "Pipe.h"
#include "Misc.h"
@@ -234,6 +235,8 @@ FILE *Popen(char * const parameters[], c
// Child.
//
+ struct passwd *pwent = getpwuid(getuid());
+ if (pwent) initgroups(pwent->pw_name,getgid());
setgid(getgid());
setuid(getuid());
|