diff options
Diffstat (limited to 'package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch')
| -rw-r--r-- | package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch b/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch new file mode 100644 index 0000000000..bb2ee1fc9a --- /dev/null +++ b/package/xinetd/0005-CVE-2013-4342-xinetd-ignores-user-and-group-directiv.patch @@ -0,0 +1,29 @@ +From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001 +From: Thomas Swan <thomas.swan@gmail.com> +Date: Wed, 2 Oct 2013 23:17:17 -0500 +Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for + TCPMUX services + +Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). + +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> +--- + xinetd/builtins.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xinetd/builtins.c b/xinetd/builtins.c +index 3b85579..34a5bac 100644 +--- a/xinetd/builtins.c ++++ b/xinetd/builtins.c +@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) + if( SC_IS_INTERNAL( scp ) ) { + SC_INTERNAL(scp, nserp); + } else { +- exec_server(nserp); ++ child_process(nserp); + } + } + +-- +2.20.1 + |