oss-sec mailing list archives
CVE Request: powerdns does not clear supplementary groups
From: David Black <disclosure () d1b org>
Date: Fri, 25 May 2012 02:20:59 +1000
Powerdns does not drop/clear supplementary groups in its dropPrivs routine where the intent is to drop privileges. The relevant code can be found in pdns/unix_utility.cc / pdns-recursor-3.3/unix_utility.cc [0].

Can a CVE id be assigned for this issue?

[0] pdns/unix_utility.cc / pdns-recursor-3.3/unix_utility.cc

    // Drops the program's privileges.
    void Utility::dropPrivs( int uid, int gid )
    {
      if(gid) {
        if(setgid(gid)<0) {
          theL()<<Logger::Critical<<"Unable to set effective group id to "<<gid<<": "<<stringerror()<<endl;
          exit(1);
        }
        else
          theL()<<Logger::Info<<"Set effective group id to "<<gid<<endl;
      }

      if(uid) {
        if(setuid(uid)<0) {
          theL()<<Logger::Critical<<"Unable to set effective user id to "<<uid<<": "<<stringerror()<<endl;
          exit(1);
        }
        else
          theL()<<Logger::Info<<"Set effective user id to "<<uid<<endl;
      }
    }
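For comparison with the routine quoted in the report, a privilege drop that also replaces the supplementary group list and then verifies the result. This is an added example, not part of the original post and not PowerDNS's own fix; the names `drop_privs` and `only_group` and the id 65534 are assumptions made for illustration.

```cpp
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>
#include <cstdio>

// True if the supplementary list holds nothing but `gid` (empty also passes).
bool only_group(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] != gid)
            return false;
    return true;
}

// Drop from root to uid/gid. Order matters: the supplementary groups and
// the gid must be changed while still root, so setuid() goes last.
// Returns 0 on success, -1 on any failure (the caller should exit).
int drop_privs(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) < 0)   // replace the list inherited from the parent
        return -1;
    if (setgid(gid) < 0)
        return -1;
    if (setuid(uid) < 0)
        return -1;

    // Verify the resulting credentials instead of trusting return codes alone.
    gid_t left[64];
    int n = getgroups(64, left);
    if (n < 0 || !only_group(left, n, gid))
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)   // regaining root must fail
        return -1;
    return 0;
}

int main()
{
    // 65534 is an assumed unprivileged "nobody" id; adjust for the target system.
    int rc = drop_privs(65534, 65534);
    std::printf("drop_privs: %s\n", rc == 0 ? "dropped" : "failed (not root?)");
    return rc == 0 ? 0 : 1;
}
```

With only `setgid()` and `setuid()`, as in the quoted routine, the `getgroups()` check here would still report whatever groups the daemon was started with.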