Apport get_config incorrectly drops privileges
Bug #1903332 reported by Marc Deslauriers
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apport (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Privilege dropping code here drops uid before gid instead of the correct order of gid before uid. Likely this code fails and is caught by the try statement:
Information type: Private Security → Public Security
Please also do the Python equivalent of setgroups(0, NULL) before dropping the gid (you could also use a one element list that is the dropped-to group). To add them back, you'll need to do the setgroups() after raising the uid. Drop order is setgroups(), setegid(), seteuid(); raise order is seteuid(), setegid(), setgroups().
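
The drop and raise order from the comment above, as an added Python example (not apport's code and not part of the original thread). `dropped_privileges`, `buggy_drop` and the `FakeOS` stand-in are hypothetical names introduced here; `FakeOS` is a simplified model in which only euid 0 may change the gid or groups, so the ordering can be exercised without root.

```python
import contextlib
import os


@contextlib.contextmanager
def dropped_privileges(uid, gid, osmod=os):
    """Drop: setgroups, setegid, seteuid. Raise: seteuid, setegid, setgroups."""
    saved_euid, saved_egid = osmod.geteuid(), osmod.getegid()
    saved_groups = osmod.getgroups()
    osmod.setgroups([gid])  # supplementary groups first, needs euid 0
    osmod.setegid(gid)      # gid next, while euid is still 0
    osmod.seteuid(uid)      # uid last
    try:
        # Verify the drop rather than trusting it: a swallowed failure
        # leaves the caller running with root's identity.
        if osmod.geteuid() != uid or osmod.getegid() != gid:
            raise PermissionError("privilege drop did not take effect")
        yield
    finally:
        osmod.seteuid(saved_euid)      # regain the privileged euid first
        osmod.setegid(saved_egid)      # then the group
        osmod.setgroups(saved_groups)  # then the supplementary groups


def buggy_drop(uid, gid, osmod=os):
    """The order the bug report describes: uid before gid."""
    osmod.seteuid(uid)
    osmod.setegid(gid)  # euid is no longer 0 here, so this is refused


class FakeOS:
    """Constructed stand-in for os (assumption: only euid 0 may set gid/groups)."""
    def __init__(self):
        self.euid, self.egid, self.groups, self.calls = 0, 0, [0, 4, 27], []
    def geteuid(self): return self.euid
    def getegid(self): return self.egid
    def getgroups(self): return list(self.groups)
    def _need_root(self, name):
        self.calls.append(name)
        if self.euid != 0:
            raise PermissionError(1, "Operation not permitted", name)
    def setgroups(self, groups):
        self._need_root("setgroups")
        self.groups = list(groups)
    def setegid(self, gid):
        self._need_root("setegid")
        self.egid = gid
    def seteuid(self, uid):
        self.calls.append("seteuid")
        self.euid = uid
```

With the buggy order the process ends up with the user's euid but root's egid and groups, and the `PermissionError` is what a surrounding `try` would silently absorb.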