ppp/ppp-2.4.3-CVE_2006_2194.patch

--- ppp-2.4.3/pppd/plugins/winbind.c	2004-11-05 10:42:31.000000000 +0100
+++ ppp-2.4.3/pppd/plugins/winbind.c-secfix	2006-07-11 09:22:08.000000000 +0200
@@ -304,13 +304,21 @@
         }
 
 	if (forkret == 0) {
+		uid_t uid = getuid();
 		/* child process */
 		close(child_out[0]);
 		close(child_in[1]);
 
 		/* run winbind as the user that invoked pppd */
 		setgid(getgid());
-		setuid(getuid());
+		if (-1 == setuid(uid)) {
+			perror("pppd/winbind: could not setuid");
+			exit(1);
+		}
+		if (getuid() != uid) {
+			perror("pppd/winbind: could not setuid to orig uid");
+			exit(1);
+		}
 		execl("/bin/sh", "sh", "-c", ntlm_auth, NULL);  
 		perror("pppd/winbind: could not exec /bin/sh");
 		exit(1);
automatic version update by autodist [release 2.4.6-1mamba;Thu Feb 20 2014] 2024-01-06 10:30:09 +01:00			`--- ppp-2.4.3/pppd/plugins/winbind.c 2004-11-05 10:42:31.000000000 +0100`
			`+++ ppp-2.4.3/pppd/plugins/winbind.c-secfix 2006-07-11 09:22:08.000000000 +0200`
			`@@ -304,13 +304,21 @@`
			`}`

			`if (forkret == 0) {`
			`+ uid_t uid = getuid();`
			`/* child process */`
			`close(child_out[0]);`
			`close(child_in[1]);`

			`/* run winbind as the user that invoked pppd */`
			`setgid(getgid());`
			`- setuid(getuid());`
			`+ if (-1 == setuid(uid)) {`
			`+ perror("pppd/winbind: could not setuid");`
			`+ exit(1);`
			`+ }`
			`+ if (getuid() != uid) {`
			`+ perror("pppd/winbind: could not setuid to orig uid");`
			`+ exit(1);`
			`+ }`
			`execl("/bin/sh", "sh", "-c", ntlm_auth, NULL);`
			`perror("pppd/winbind: could not exec /bin/sh");`
			`exit(1);`