]> git.apps.os.sepia.ceph.com Git - fscrypt.git/commit
projects / fscrypt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d4d88e1) | patch
Ensure setting user privileges is reversible
authorJoe Richey joerichey@google.com <joerichey@google.com>
Wed, 22 Aug 2018 12:17:32 +0000 (05:17 -0700)
committerJoe Richey joerichey@google.com <joerichey@google.com>
Thu, 23 Aug 2018 18:00:34 +0000 (11:00 -0700)
commit3022c1603d968c22f147b4a2c49c4637dd1be91b
tree9d13faee4a46e5516018ddaf18bab7ee9bfa50b7tree | snapshot
parentd4d88e16b54eaa9ba2a8dcb07ba545b60f4d4208commit | diff
Ensure setting user privileges is reversible

This change makes sure after dropping then elevating privileges for a
process, the euid, guid, and groups are all the same as they were
originally. This significantly simplifies the privilege logic.

This fixes CVE-2018-6558, which allowed an unprivleged user to gain
membership in the root group (gid 0) due to the groups not being
properly reset in the process.
pam/pam.go diff | blob | history
security/privileges.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.