/[packages]/cauldron/tmux/current/SOURCES/tmux-1.0-04_dropping_unnecessary_privileges.diff
ViewVC logotype

Annotation of /cauldron/tmux/current/SOURCES/tmux-1.0-04_dropping_unnecessary_privileges.diff

Parent Directory Parent Directory | Revision Log Revision Log


Revision 99272 - (hide annotations) (download)
Mon May 16 15:30:30 2011 UTC (10 years, 4 months ago) by misc
File size: 850 byte(s)
- add patch to fix CVE-2011-1496 , bug 1299

1 misc 99272 # using setresgid() for safely dropping utmp group membership which were needed
2     # for makesocketpath() to create the user directory under /var/run/tmux which is
3     # only writeable for processes that have setgid utmp.
4     --- a/tmux.c
5     +++ b/tmux.c
6     @@ -235,6 +235,7 @@
7     struct keylist *keylist;
8     char *s, *path, *label, *home, **var;
9     int opt, flags, quiet, keys;
10     + u_int gid;
11    
12     #if defined(DEBUG) && defined(__OpenBSD__)
13     malloc_options = (char *) "AFGJPX";
14     @@ -483,6 +484,12 @@
15     }
16     }
17     }
18     + gid = getgid();
19     + /* drop unnecessary privileges which were needed for makesocketpath()
20     + * to create the user directory under /var/run/tmux which is only
21     + * writeable for processes that have setgid utmp. */
22     + if (setresgid(gid, gid, gid) != 0)
23     + return (NULL);
24     if (label != NULL)
25     xfree(label);
26     if (realpath(path, socket_path) == NULL)

  ViewVC Help
Powered by ViewVC 1.1.28