ppp/ppp-2.4.3-CVE_2006_2194.patch

26 lines
709 B
Diff

--- ppp-2.4.3/pppd/plugins/winbind.c 2004-11-05 10:42:31.000000000 +0100
+++ ppp-2.4.3/pppd/plugins/winbind.c-secfix 2006-07-11 09:22:08.000000000 +0200
@@ -304,13 +304,21 @@
}
if (forkret == 0) {
+ uid_t uid = getuid();
/* child process */
close(child_out[0]);
close(child_in[1]);
/* run winbind as the user that invoked pppd */
setgid(getgid());
- setuid(getuid());
+ if (-1 == setuid(uid)) {
+ perror("pppd/winbind: could not setuid");
+ exit(1);
+ }
+ if (getuid() != uid) {
+ perror("pppd/winbind: could not setuid to orig uid");
+ exit(1);
+ }
execl("/bin/sh", "sh", "-c", ntlm_auth, NULL);
perror("pppd/winbind: could not exec /bin/sh");
exit(1);