Title: Swift does not drop all group privileges
Impact: Low
Reporter: David Black
Products: Swift
Affects: All versions
Description:
David Black reported a vulnerability in Swift. Swift is started with root privileges and then switches to a less privileged user. The code that implements dropping root privileges did not properly clear the list of groups.
This issue is not exploitable by itself. However, it is considered a security issue as it could potentially result in an increase in what could be accomplished by exploiting another security vulnerability in Swift.
Draft of vulnerability description.
-----
Title: Swift does not drop all group privileges
Impact: Low
Reporter: David Black
Products: Swift
Affects: All versions
Description:
David Black reported a vulnerability in Swift. Swift is started with root privileges and then switches to a less privileged user. The code that implements dropping root privileges did not properly clear the list of groups.
This issue is not exploitable by itself. However, it is considered a security issue as it could potentially result in an increase in what could be accomplished by exploiting another security vulnerability in Swift.