guix/gnu/packages/patches/rush-CVE-2013-6889.patch
Ludovic Courtès 2ca55f939c
gnu: rush: Fix CVE-2013-6889.
* gnu/packages/patches/rush-CVE-2013-6889.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/rush.scm (rush): Use it.
2016-05-26 22:51:12 +02:00


commit 00bdccd429517f12dbf37ab4397ddec3e51a2738
Author: Mats Erik Andersson <gnu@gisladisker.se>
Date: Mon Jan 20 13:33:52 2014 +0200
Protect against CVE-2013-6889 (tiny change).
Reset the effective user identification in testing mode.
diff --git a/src/rush.c b/src/rush.c
index 45d737a..dc6518e 100644
--- a/src/rush.c
+++ b/src/rush.c
@@ -980,6 +980,10 @@ main(int argc, char **argv)
} else if (argc > optind)
die(usage_error, NULL, _("invalid command line"));
+ /* Relinquish root privileges in test mode */
+ if (lint_option)
+ setuid(getuid());
+
if (test_user_name) {
struct passwd *pw = getpwnam(test_user_name);
if (!pw)
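Review bot: the return value of `setuid(getuid())` in the added test-mode block is ignored, so if the call fails, rush continues into the `test_user_name` handling with its effective UID unchanged, which is the state this patch is meant to rule out. Check the result and stop on failure, for example by testing `setuid(getuid()) != 0` and calling `die` as the preceding "invalid command line" branch does. Only the user ID is reset here; if the binary can also be installed setgid, a `setgid(getgid())` placed before the `setuid` call would be needed to cover the group ID as well.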