rpcbind needs to downgrade to non-priviledgied group

2008-06-23 16:39:59 +00:00 · 2008-06-23 16:39:59 +00:00 · 27d02e3e71
commit 27d02e3e71
parent d85eb9a08d
2 changed files with 34 additions and 1 deletions
--- a/rpcbind-0.1.5-setgid.patch
+++ b/rpcbind-0.1.5-setgid.patch
@ -0,0 +1,28 @@
+commit f7d18d511767e892e52932f8c6f6e49755a8e5bc
+Author: Guillaume Rousse <Guillaume.Rousse@inria.fr>
+Date:   Mon Jun 23 12:30:29 2008 -0400
+
+    rpcbind needs to also downgrade its gid to a non-priviledgied group
+    
+    Signed-off-by: Andreas Hasenack <andreas@mandriva.com>
+    Signed-off-by: Guillaume Rousse <Guillaume.Rousse@inria.fr>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index 949ece2..fb75517 100644
+--- a/src/rpcbind.c
+++ b/src/rpcbind.c
+@@ -216,8 +216,12 @@ main(int argc, char *argv[])
+ 			syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
+ 			exit(1);
+ 		}
+                if (setgid(p->pw_gid) == -1) {
+                        syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid);
+                        exit(1);
+                }
+ 		if (setuid(p->pw_uid) == -1) {
+-			syslog(LOG_ERR, "setuid to '%s' failed: %m", id);
+			syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid);
+ 			exit(1);
+ 		}
+ 	}
--- a/rpcbind.spec
+++ b/rpcbind.spec
@ -2,7 +2,7 @@

 Name:           rpcbind
 Version:        0.1.5
-Release: 		1%{?dist}
+Release: 		2%{?dist}
 Summary:        Universal Addresses to RPC Program Number Mapper
 Group:          System Environment/Daemons
 License:        GPL
@ -26,6 +26,7 @@ Provides: portmap = %{version}-%{release}
 Obsoletes: portmap <= 4.0-65.3

 Patch1: rpcbind-0.1.4-iff_up.patch
+Patch2: rpcbind-0.1.5-setgid.patch

 %description
 The rpcbind utility is a server that converts RPC program numbers into
@ -36,6 +37,7 @@ RPC calls on a server on that machine.
 %setup -q

 %patch1 -p1
+%patch2 -p1

 %build
 %ifarch s390 s390x
@ -115,6 +117,9 @@ fi
 %dir %attr(700,rpc,rpc) /var/lib/rpcbind

 %changelog
+* Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1
+- rpcbind needs to downgrade to non-priviledgied group.
+
 * Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1
 - Updated to latest upstream release 0.1.5