
ref: 4e8efc15fb9082fb80726a2a37c4e6ebb13552fa guix-local/gnu/packages/patches/rush-CVE-2013-6889.patch -rw-r--r-- 664 bytes
commit 00bdccd429517f12dbf37ab4397ddec3e51a2738
Author: Mats Erik Andersson <gnu@gisladisker.se>
Date:   Mon Jan 20 13:33:52 2014 +0200

    Protect against CVE-2013-6889 (tiny change).
    
    Reset the effective user identification in testing mode.

diff --git a/src/rush.c b/src/rush.c
index 45d737a..dc6518e 100644
--- a/src/rush.c
+++ b/src/rush.c
@@ -980,6 +980,10 @@ main(int argc, char **argv)
 	} else if (argc > optind)
 		die(usage_error, NULL, _("invalid command line"));
 	
+	/* Relinquish root privileges in test mode */
+	if (lint_option)
+		setuid(getuid());
+	
 	if (test_user_name) {
 		struct passwd *pw = getpwnam(test_user_name);
 		if (!pw)
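Review bot: The result of `setuid(getuid())` on the added line is discarded, so if the call fails, test mode carries on with whatever effective UID the process started with, which is exactly the condition this patch is meant to remove. The drop should fail closed, e.g. `if (lint_option && setuid(getuid()) != 0)` followed by a call to the existing `die(...)` helper with an appropriate exit code and message. Only the user ID is reset here; if the binary can also be installed setgid (not visible in this hunk), a checked `setgid(getgid())` belongs before the `setuid` call, since group privileges can no longer be dropped once the UID has been given up. It would also be worth confirming that nothing in the option-parsing code above this point opens a user-named file before the drop; `main` begins and ends outside the hunk, so that cannot be verified from here.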