oss-sec mailing list archives
CVE Request: powerdns does not clear supplementary groups
From: David Black <disclosure () d1b org>
Date: Fri, 25 May 2012 02:20:59 +1000
Powerdns does not drop/clear supplementary groups in its dropPrivs
routine where the intent is to drop privileges.
The relevant code can be found in pdns/unix_utility.cc /
pdns-recursor-3.3/unix_utility.cc [0].
Can a CVE id be assigned for this issue?
[0]
pdns/unix_utility.cc / pdns-recursor-3.3/unix_utility.cc
// Drops the program's privileges.
void Utility::dropPrivs( int uid, int gid )
{
  if(gid) {
    if(setgid(gid)<0) {
      theL()<<Logger::Critical<<"Unable to set effective group id to "<<gid<<": "<<stringerror()<<endl;
      exit(1);
    }
    else
      theL()<<Logger::Info<<"Set effective group id to "<<gid<<endl;
  }
  if(uid) {
    if(setuid(uid)<0) {
      theL()<<Logger::Critical<<"Unable to set effective user id to "<<uid<<": "<<stringerror()<<endl;
      exit(1);
    }
    else
      theL()<<Logger::Info<<"Set effective user id to "<<uid<<endl;
  }
}
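
Added example, not part of the original post and not PowerDNS code: the same kind of routine with the inherited supplementary group list replaced before setgid()/setuid(), then checked with getgroups(). The names drop_privs_hardened and leftover_groups are hypothetical; as in the quoted code, a uid or gid of 0 is assumed to mean "leave unchanged".

```cpp
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>
#include <vector>

// Count supplementary groups other than keep_gid still attached to this
// process. Returns -1 if the group list cannot be read.
int leftover_groups(gid_t keep_gid) {
    int n = getgroups(0, nullptr);
    if (n < 0) return -1;
    std::vector<gid_t> groups(n + 1);
    n = getgroups(n + 1, groups.data());
    if (n < 0) return -1;
    int extra = 0;
    for (int i = 0; i < n; ++i)
        if (groups[i] != keep_gid) ++extra;
    return extra;
}

// Hypothetical hardened counterpart of dropPrivs(). Returns 0 on success and
// -1 on any failure; the caller must treat -1 as fatal and exit.
int drop_privs_hardened(uid_t uid, gid_t gid) {
    if (gid) {
        // Replace the inherited supplementary list while still privileged;
        // after setuid() the process may no longer be allowed to do this.
        if (setgroups(1, &gid) < 0) return -1;
        if (setgid(gid) < 0) return -1;
    }
    if (uid) {
        if (setuid(uid) < 0) return -1;
        // Once the uid is dropped, regaining root must be impossible.
        if (setuid(0) == 0) return -1;
    }
    // Confirm nothing beyond the target group survived the drop.
    if (gid && leftover_groups(gid) != 0) return -1;
    return 0;
}
```

On a running daemon the result can be compared against the Groups: line of /proc/<pid>/status, which should list only the target gid.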
