diff options
| author | Tom Yu <tlyu@mit.edu> | 2006-08-08 19:26:40 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2006-08-08 19:26:40 +0000 |
| commit | 7b141abe9aa72db8c7243d4f0a30b87e59789579 (patch) | |
| tree | 75758af4fbe75e55f3ed8ded57f650014ffd6170 /src/appl/bsd/v4rcp.c | |
| parent | 90ce1170a03c1451c1bbe15af6ca1ead326eeb83 (diff) | |
| download | krb5-7b141abe9aa72db8c7243d4f0a30b87e59789579.zip krb5-7b141abe9aa72db8c7243d4f0a30b87e59789579.tar.gz krb5-7b141abe9aa72db8c7243d4f0a30b87e59789579.tar.bz2 | |
fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
* src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
* src/appl/bsd/v4rcp.c (main):
* src/appl/bsd/krcp.c (main):
* src/appl/bsd/krshd.c (doit):
* src/appl/bsd/login.c (main):
* src/clients/ksu/main.c (sweep_up):
* src/lib/krb4/kuserok.c (kuserok): Check return values from
setuid() and related functions to avoid privilege escalation
vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083,
VU#580124, CVE-2006-3084, VU#401660]
ticket: new
target_version: 1.5.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl/bsd/v4rcp.c')
| -rw-r--r-- | src/appl/bsd/v4rcp.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c index 2354a2c..67bf877 100644 --- a/src/appl/bsd/v4rcp.c +++ b/src/appl/bsd/v4rcp.c @@ -436,7 +436,10 @@ int main(argc, argv) kstream_set_buffer_mode (krem, 0); #endif /* KERBEROS && !NOENCRYPTION */ (void) response(); - (void) setuid(userid); + if (setuid(userid)) { + error("rcp: can't setuid(user)\n"); + exit(1); + } source(--argc, ++argv); exit(errs); @@ -452,7 +455,10 @@ int main(argc, argv) krem = kstream_create_from_fd (rem, 0, 0); kstream_set_buffer_mode (krem, 0); #endif /* KERBEROS && !NOENCRYPTION */ - (void) setuid(userid); + if (setuid(userid)) { + error("rcp: can't setuid(user)\n"); + exit(1); + } sink(--argc, ++argv); exit(errs); |