Overview

File opielogin-setuid-CVE-2011-2490.patch of Package opie

--- opielogin.c.xx	2011-06-27 16:46:10.000000000 +0200
+++ opielogin.c	2011-06-27 16:48:05.000000000 +0200
@@ -1309,7 +1309,11 @@
   fflush(stderr);
 #endif	/* PERMSFILE */
 
-  setuid(thisuser.pw_uid);
+  if (setuid(thisuser.pw_uid) < 0) {
+    syslog(LOG_ERR, "setuid() failed with %m. Attack attempt on tty %s, name %s", tty, name);
+    exit(1);
+  }
+
 
   /* destroy environment unless user has asked to preserve it */
   if (!pflag)
openSUSE Build Service is sponsored by
Places