Modify
Warning Please read the Ticket HowTo before creating or commenting on a ticket. Failure to do so may cause your ticket to be rejected or result in a slower response.

Opened 11 months ago

Closed 11 months ago

Last modified 10 months ago

#11549 closed Patch - Bug Fix (fixed)

Patch for static analysis detected setuid failure

Reported by: Gary Buhrmaster <gary.buhrmaster@…> Owned by: Gary Buhrmaster <gary.buhrmaster@…>
Priority: minor Milestone: 0.27
Component: MythTV - General Version: Master Head
Severity: medium Keywords:
Cc: Ticket locked: no

Description

Static analysis (scan-build) reported a possible (edge case) security error in the use of setuid, where there was no checking for success/failure. This could result in proceeding with root privs if mythavtest or mythfrontend was suid root and the setuid failed. This patch checks the return value, and exits if the setuid fails.

https://github.com/garybuhrmaster/mythtv/commit/18bcaa4f9211f8fd30debcb3f740ccb1b2ca0b3a

Attachments (0)

Change History (2)

comment:1 Changed 11 months ago by Gary Buhrmaster <gary.buhrmaster@…>

  • Owner set to Gary Buhrmaster <gary.buhrmaster@…>
  • Resolution set to fixed
  • Status changed from new to closed

In 40daef661e872986284567f97a642fc08f7ea792/mythtv:

Apply fix for static analysis (scan-build) detection of a potential security issue (not checking the return value from setuid).

Fixes #11549

comment:2 Changed 10 months ago by paulh

  • Milestone changed from unknown to 0.27

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'new'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.