2010-02-05 Albert Lee <
[email protected]>
* SFEgcc.spec: Fix bootstrap compiler flags
* SFEmaildrop.spec: Add patch1 for CVE-2010-0301. Drop setuid root.
* patches/maildrop-01-cve-2010-0301.diff: Fix GID when run as root.
--- ../old/maildrop-2.2.0/maildrop/main.C 2008-05-08 17:38:46.000000000 +0200
+++ maildrop-2.2.0/maildrop/main.C 2010-01-28 20:23:35.000000000 +0100
@@ -471,6 +471,10 @@
nouser();
#if RESET_GID
setgroupid(my_pw->pw_gid);
+#else
+ // Only change it if we're root
+ if (geteuid() == 0)
+ setgroupid(getegid());
#endif
setuid(my_pw->pw_uid);
if (getuid() != my_pw->pw_uid)
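Review bot: The new `#else` branch passes `getegid()` to setgroupid(), so when maildrop is invoked by root — the only case the `geteuid() == 0` guard admits — the delivery keeps the caller's effective group (commonly gid 0 for a root MTA) while the uid drops to the recipient; the RESET_GID branch directly above uses `my_pw->pw_gid`, and the fallback should too: `setgroupid(my_pw->pw_gid);`. Whether setgroupid() also clears supplementary groups with setgroups() is not visible in this hunk, and that is the substance of CVE-2010-0301, so confirm it does rather than only calling setgid(). The `getuid() != my_pw->pw_uid` check on the last line guards the uid switch, but nothing verifies the gid switch took effect; a matching `getgid() != my_pw->pw_gid` check (or a checked return from setgroupid) would close that gap. The enclosing function continues outside the hunk, so the failure path after the uid check cannot be seen here.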