[SCM] rtkit/master: debian/patches/02-fix-undropped-supp-groups.patch
alessio at users.alioth.debian.org
alessio at users.alioth.debian.org
Thu Jul 28 14:52:36 UTC 2011
The following commit has been merged in the master branch:
commit faab8e78b2679483fc32efe3f6bb1cb74b1c34e7
Author: Alessio Treglia <alessio at debian.org>
Date: Thu Jul 28 16:52:49 2011 +0200
debian/patches/02-fix-undropped-supp-groups.patch
- Fix a security bug of not dropping supplemental groups.
diff --git a/debian/patches/02-fix-undropped-supp-groups.patch b/debian/patches/02-fix-undropped-supp-groups.patch
new file mode 100644
index 0000000..d177734
--- /dev/null
+++ b/debian/patches/02-fix-undropped-supp-groups.patch
@@ -0,0 +1,22 @@
+Index: rtkit-0.10/rtkit-daemon.c
+===================================================================
+--- rtkit-0.10.orig/rtkit-daemon.c 2011-07-15 18:48:06.000000000 -0400
++++ rtkit-0.10/rtkit-daemon.c 2011-07-15 18:48:17.000000000 -0400
+@@ -49,6 +49,7 @@
+ #include <pthread.h>
+ #include <dirent.h>
+ #include <syslog.h>
++#include <grp.h>
+
+ #include "rtkit.h"
+ #include "sd-daemon.h"
+@@ -1777,7 +1778,8 @@
+ }
+
+ /* Fourth, drop privs */
+- if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0 ||
++ if (setgroups(0, NULL) < 0 ||
++ setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0 ||
+ setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) {
+ r = -errno;
+ syslog(LOG_ERR, "Failed to become %s: %s\n", username, strerror(errno));
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..c7b9765
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+02-fix-undropped-supp-groups.patch
diff --git a/debian/patches/ubuntu.series b/debian/patches/ubuntu.series
index d66223d..d9cf0e8 100644
--- a/debian/patches/ubuntu.series
+++ b/debian/patches/ubuntu.series
@@ -1 +1,2 @@
01-no_ptrace_cap.patch
+02-fix-undropped-supp-groups.patch
--
rtkit packaging
More information about the pkg-multimedia-commits
mailing list