On Fri, Jun 8, 2012 at 7:56 PM, Reini Urban <reini@cpanel.net> wrote:
> Upcoming group privilege dropping CVE
>
> POSIX and Proc::UID seem to be affected in 5.14.2 at least.
> Confirmed on my system.
>
> FW from oss-security:
> http://www.openwall.com/lists/oss-security/2012/05/24/6
> http://people.redhat.com/sgrubb/security/find-nodrop-groups
>
> "It finds many, many problems dropping supplemental groups. More than I
> alone want to fix."
>
> dantest@dantest.dan [~]# find-nodrop-groups
> FILE PACKAGE
> /lib/security/pam_console.so pam-0.99.6.2-6.el5_5.2.src.rpm
> /usr/lib/pppd/2.4.4/winbind.so ppp-2.4.4-2.el5.src.rpm
> /usr/lib/pppd/2.4.4/passprompt.so ppp-2.4.4-2.el5.src.rpm
> /usr/lib/tclx8.4/libtclx8.4.so tclx-8.4.0-5.fc6.src.rpm
> /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Proc/UID/UID.so
> file /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Proc/UID/UID.so is not owned by any package
> /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/POSIX/POSIX.so perl-5.8.8-10.src.rpm
> /usr/lib/librpmio-4.4.so rpm-4.4.2.3-20.el5_5.1.src.rpm
> /bin/ksh93 ksh-20100202-1.el5_5.1.src.rpm
> /bin/bash bash-3.2-24.el5.src.rpm
> /bin/tar tar-1.15.1-30.el5.src.rpm

Why are bash and ksh93 in this list?

Irek
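As an added illustration of the class of bug the forwarded notice is about (not code from this thread, from perl, or from the find-nodrop-groups script), the Python below shows the privilege-drop order that keeps supplementary groups from leaking, together with a self-check of the result, and a symbol-based heuristic of the kind a scanner such as find-nodrop-groups can use. The heuristic's exact rule is my assumption: a binary that imports a uid- or gid-changing call but neither `setgroups` nor `initgroups` is flagged. Any binary that merely resets its ids with `setuid`/`setgid` and never needs to touch groups matches that rule too, which is why a scanner hit is a review queue entry rather than a confirmed defect. The symbol lists passed to `flags_nodrop_groups` are constructed sample input, not output from a real binary.

```python
"""Supplementary-group dropping: the correct order, a self-check, and a scanner heuristic.

Added example; assumptions are marked in the comments.
"""
import os

# libc entry points that change the process's uid or gid (assumed scanner input).
UID_SETTERS = {"setuid", "seteuid", "setreuid", "setresuid"}
GID_SETTERS = {"setgid", "setegid", "setregid", "setresgid"}
# The two calls that actually replace the supplementary group list.
GROUP_DROPPERS = {"setgroups", "initgroups"}


def flags_nodrop_groups(imported_symbols):
    """Assumed find-nodrop-groups-style rule: changes ids but never resets groups.

    `imported_symbols` is the list of undefined (imported) symbol names of a binary,
    e.g. as obtained from its ELF dynamic symbol table. Returns True for a hit.
    """
    syms = set(imported_symbols)
    changes_ids = bool(syms & (UID_SETTERS | GID_SETTERS))
    resets_groups = bool(syms & GROUP_DROPPERS)
    return changes_ids and not resets_groups


def verify_dropped(resuid, resgid, supp, uid, gid, groups):
    """Compare live credentials with the intended ones; return a list of problems.

    resuid/resgid are (real, effective, saved) tuples, supp is the supplementary
    group list. An empty return value means the drop was complete.
    """
    problems = []
    if any(x != uid for x in resuid):
        problems.append(f"uid not fully dropped: real/effective/saved = {tuple(resuid)}")
    if any(x != gid for x in resgid):
        problems.append(f"gid not fully dropped: real/effective/saved = {tuple(resgid)}")
    # Some platforms report the egid inside getgroups(); it is not a leak there.
    leftover = sorted(set(supp) - set(groups) - {gid})
    if leftover:
        problems.append(f"supplementary groups still held: {leftover}")
    return problems


def drop_privileges(uid, gid, groups=()):
    """Drop from root to uid/gid, clearing supplementary groups first.

    setgroups() needs root (CAP_SETGID), so it must run BEFORE the gid and uid
    change; calling setuid() first is exactly the ordering bug that leaves the
    root-era supplementary groups attached to the unprivileged process.
    """
    if os.geteuid() != 0:
        raise PermissionError("must start as root to drop privileges")
    os.setgroups(list(groups))          # 1. supplementary groups, while still root
    os.setresgid(gid, gid, gid)         # 2. gid, including the saved gid
    os.setresuid(uid, uid, uid)         # 3. uid last, including the saved uid
    problems = verify_dropped(os.getresuid(), os.getresgid(), os.getgroups(),
                              uid, gid, groups)
    if problems:
        raise RuntimeError("; ".join(problems))
    # Final sanity check: regaining root must now be impossible.
    try:
        os.setuid(0)
    except PermissionError:
        return
    raise RuntimeError("privilege drop incomplete: setuid(0) succeeded")


if __name__ == "__main__":
    # Constructed import lists standing in for three scanned binaries.
    samples = {
        "daemon-without-setgroups": ["setuid", "setgid", "execve"],
        "daemon-with-initgroups": ["initgroups", "setgid", "setuid"],
        "no-id-change": ["execve", "getuid"],
    }
    for name, syms in samples.items():
        print(f"{name:28s} flagged={flags_nodrop_groups(syms)}")
```

Run as root, `drop_privileges(65534, 65534)` ends with a process that holds no supplementary groups and cannot call `setuid(0)`; run as a normal user it refuses to start, so the group-list check is exercised there through `verify_dropped` on recorded credentials.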