Opened 11 years ago
Closed 11 years ago
Last modified 11 years ago
#11549 closed Patch - Bug Fix (fixed)
Patch for static analysis detected setuid failure
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | 0.27 |
Component: | MythTV - General | Version: | Master Head |
Severity: | medium | Keywords: | |
Cc: | Ticket locked: | no |
Description
Static analysis (scan-build) reported a possible (edge case) security error in the use of setuid, where there was no checking for success/failure. This could result in proceeding with root privs if mythavtest or mythfrontend was suid root and the setuid failed. This patch checks the return value, and exits if the setuid fails.
https://github.com/garybuhrmaster/mythtv/commit/18bcaa4f9211f8fd30debcb3f740ccb1b2ca0b3a
Change History (2)
Note: See
TracTickets for help on using
tickets.
In 40daef661e872986284567f97a642fc08f7ea792/mythtv: