Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#11549 closed Patch - Bug Fix (fixed)

Patch for static analysis detected setuid failure

Reported by: Gary Buhrmaster <gary.buhrmaster@…>
Owned by: Gary Buhrmaster <gary.buhrmaster@…>
Priority: minor
Milestone: 0.27
Component: MythTV - General
Version: Master Head
Severity: medium
Keywords:
Cc:
Ticket locked: no

Description

Static analysis (scan-build) reported a possible (edge case) security error in the use of setuid, where there was no checking for success/failure. This could result in proceeding with root privs if mythavtest or mythfrontend was suid root and the setuid failed. This patch checks the return value, and exits if the setuid fails.

https://github.com/garybuhrmaster/mythtv/commit/18bcaa4f9211f8fd30debcb3f740ccb1b2ca0b3a
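
The check described in this ticket, as an added example in C (not MythTV's code and not the patch itself). The names `drop_checked` and `setuid_fn` are hypothetical, and `failing_setuid` is a constructed stand-in that simulates a failed call. The example goes slightly beyond the ticket by also confirming that root cannot be regained after the drop.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook type so that a failing setuid() can be simulated. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in: behaves like a setuid() call that fails.
 * The real call can fail too, for example with EAGAIN. */
int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Drop set-uid-root privileges back to the real user.
 * Returns 0 only when the process is known to run as the real user;
 * -1 means the caller must exit instead of carrying on. */
int drop_checked(setuid_fn do_setuid)
{
    uid_t ruid = getuid();

    /* The return value is the whole point: on failure the effective
     * uid is unchanged, so a set-uid-root binary would still be root. */
    if (do_setuid(ruid) != 0) {
        fprintf(stderr, "setuid(%ld) failed: %s\n",
                (long)ruid, strerror(errno));
        return -1;
    }
    /* Confirm the effective uid is now the real uid. */
    if (geteuid() != ruid)
        return -1;
    /* For a non-root user, regaining root must no longer be possible. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    if (drop_checked(setuid) != 0)
        return 1;   /* exit rather than run with leftover privileges */
    printf("running as uid %ld\n", (long)geteuid());
    return 0;
}
```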

Change History (2)

comment:1 Changed 5 years ago by Gary Buhrmaster <gary.buhrmaster@…>

Owner: set to Gary Buhrmaster <gary.buhrmaster@…>
Resolution: fixed
Status: new → closed

In 40daef661e872986284567f97a642fc08f7ea792/mythtv:

Apply fix for static analysis (scan-build) detection of a potential security issue (not checking the return value from setuid).

Fixes #11549

comment:2 Changed 5 years ago by paulh

Milestone: unknown → 0.27