My apologies Kev, all, I hadn't realized I missed this one when assigning CVEs earlier.
I'm not sure what the flaw is.
I'm also not sure about the fix:
- line 455: drop_privileges(True) - line 500: info.add_proc_info(pid)
so privileges are partially dropped at this point already, no?
I'll feel better about assigning a CVE number once I understand a proposed fix.
Thanks
My apologies Kev, all, I hadn't realized I missed this one when assigning CVEs earlier.
I'm not sure what the flaw is.
I'm also not sure about the fix:
- line 455: drop_privileges (True) proc_info( pid)
- line 500: info.add_
so privileges are partially dropped at this point already, no?
I'll feel better about assigning a CVE number once I understand a proposed fix.
Thanks