summaryrefslogtreecommitdiff
path: root/Dockerfile.fedora
diff options
context:
space:
mode:
authorLyude Paul <lyude@redhat.com>2019-05-07 18:15:20 -0400
committerLyude Paul <lyude@redhat.com>2019-05-09 14:35:19 -0400
commit3e06258b38e88ea3ad6fa3c4961ee47c636e8cff (patch)
treef893d7e18fe25522e9000babaadf54a83b114eba /Dockerfile.fedora
parent7eb493434d22f453c2f4185291fd8b029129ed02 (diff)
lib/aux: Call setgroups() in igt_drop_root() before setgid()
While igt isn't really security sensitive, forgetting to call setgroups() before calling setgid() causes rpmlint on Fedora to complain: igt-gpu-tools.x86_64: E: missing-call-to-setgroups-before-setuid /usr/lib64/libigt.so.0 ... missing-call-to-setgroups-before-setuid: This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this means it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. Since it's likely other package maintainers for other distros will have to deal with similar issues eventually, and I can't see any harm in it, let's do the right thing and call setgroups() first. Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Lyude Paul <lyude@redhat.com>
Diffstat (limited to 'Dockerfile.fedora')
0 files changed, 0 insertions, 0 deletions