diff options
author | Lyude Paul <lyude@redhat.com> | 2019-05-07 18:15:20 -0400 |
---|---|---|
committer | Lyude Paul <lyude@redhat.com> | 2019-05-09 14:35:19 -0400 |
commit | 3e06258b38e88ea3ad6fa3c4961ee47c636e8cff (patch) | |
tree | f893d7e18fe25522e9000babaadf54a83b114eba /lib/igt_gt.c | |
parent | 7eb493434d22f453c2f4185291fd8b029129ed02 (diff) |
lib/aux: Call setgroups() in igt_drop_root() before setgid()
While igt isn't really security sensitive, forgetting to call
setgroups() before calling setgid() causes rpmlint on Fedora to
complain:
igt-gpu-tools.x86_64: E: missing-call-to-setgroups-before-setuid
/usr/lib64/libigt.so.0
...
missing-call-to-setgroups-before-setuid:
This executable is calling setuid and setgid without setgroups or
initgroups. There is a high probability this means it didn't relinquish
all groups, and this would be a potential security issue to be fixed.
Seek POS36-C on the web for details about the problem.
Since it's likely other package maintainers for other distros will have
to deal with similar issues eventually, and I can't see any harm in it,
let's do the right thing and call setgroups() first.
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Diffstat (limited to 'lib/igt_gt.c')
0 files changed, 0 insertions, 0 deletions