ykohut/rpcbind
1
0
Fork 0
forked from rpms/rpcbind
Code Pull Requests Activity

rpcbind needs to downgrade to non-priviledgied group

Browse Source
This commit is contained in:
Steve Dickson 2008-06-23 16:39:59 +00:00
parent d85eb9a08d
commit 27d02e3e71
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
rpcbind-0.1.5-setgid.patch Normal file
View File

@ -0,0 +1,28 @@
commit f7d18d511767e892e52932f8c6f6e49755a8e5bc
Author: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Date: Mon Jun 23 12:30:29 2008 -0400
rpcbind needs to also downgrade its gid to a non-priviledgied group
Signed-off-by: Andreas Hasenack <andreas@mandriva.com>
Signed-off-by: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/rpcbind.c b/src/rpcbind.c
index 949ece2..fb75517 100644
--- a/src/rpcbind.c
+++ b/src/rpcbind.c
@@ -216,8 +216,12 @@ main(int argc, char *argv[])
syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
exit(1);
}
+ if (setgid(p->pw_gid) == -1) {
+ syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid);
+ exit(1);
+ }
if (setuid(p->pw_uid) == -1) {
- syslog(LOG_ERR, "setuid to '%s' failed: %m", id);
+ syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid);
exit(1);
}
}

7
rpcbind.spec
View File

@ -2,7 +2,7 @@
Name: rpcbind Name: rpcbind
Version: 0.1.5 Version: 0.1.5
Release: 1%{?dist} Release: 2%{?dist}
Summary: Universal Addresses to RPC Program Number Mapper Summary: Universal Addresses to RPC Program Number Mapper
Group: System Environment/Daemons Group: System Environment/Daemons
License: GPL License: GPL
@ -26,6 +26,7 @@ Provides: portmap = %{version}-%{release}
Obsoletes: portmap <= 4.0-65.3 Obsoletes: portmap <= 4.0-65.3
Patch1: rpcbind-0.1.4-iff_up.patch Patch1: rpcbind-0.1.4-iff_up.patch
Patch2: rpcbind-0.1.5-setgid.patch
%description %description
The rpcbind utility is a server that converts RPC program numbers into The rpcbind utility is a server that converts RPC program numbers into
@ -36,6 +37,7 @@ RPC calls on a server on that machine.
%setup -q %setup -q
%patch1 -p1 %patch1 -p1
%patch2 -p1
%build %build
%ifarch s390 s390x %ifarch s390 s390x
@ -115,6 +117,9 @@ fi
%dir %attr(700,rpc,rpc) /var/lib/rpcbind %dir %attr(700,rpc,rpc) /var/lib/rpcbind
%changelog %changelog
* Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1
- rpcbind needs to downgrade to non-priviledgied group.
* Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1 * Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1
- Updated to latest upstream release 0.1.5 - Updated to latest upstream release 0.1.5