[ 5s] postsrsd.x86_64: E: missing-call-to-setgroups-before-setuid /usr/sbin/postsrsd
[ 5s] This executable is calling setuid and setgid without setgroups or initgroups.
[ 5s] This means it didn't relinquish all groups, and this would be a potential
[ 5s] security issue.
Supplementary groups are kept across setgid and setuid calls, so drop_privileges may not be completely dropping all privileges provided suitable starting conditions. Consider:
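```
### ls -al /etc/at.deny
-rw-r----- 1 root root 62 Aug 31 14:16 /etc/at.deny
### cat x.cpp
#include <unistd.h>
#include <stdio.h>

int main()
{
    /* Switch to uid/gid 65534 without calling setgroups() first:
       the supplementary groups of the starting user are kept. */
    setgid(65534);
    setuid(65534);
    if (access("/etc/at.deny", R_OK) == 0)
        printf("Can still read\n");
    return 0;
}
### ./a.out
Can still read
```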
rpmlint has found an issue with postsrsd 2.0.1.
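The reproducer from the report, reworked as an added example (not postsrsd's code and not part of the original report): a privilege drop that clears supplementary groups with `setgroups()` before `setgid()`/`setuid()`, checks every return value, and verifies the result. The function names are hypothetical; 65534 is the uid/gid used in the report.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose setgroups() in <grp.h> */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* 1 if every entry of list[0..n) equals gid; an empty list passes. */
int only_gid(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] != gid) return 0;
    return 1;
}

/* 1 if the process holds no supplementary group other than gid. */
int groups_fully_dropped(gid_t gid)
{
    int n = getgroups(0, NULL);               /* size query only */
    if (n <= 0) return n == 0;
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL) return 0;
    n = getgroups(n, list);
    int ok = n >= 0 && only_gid(list, n, gid);
    free(list);
    return ok;
}

/* Hypothetical helper: groups first, then gid, then uid, because each step
   needs the privilege the next one removes. Returns 0 only if verified. */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;   /* the call rpmlint found missing */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (!groups_fully_dropped(gid)) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must not be recoverable */
    return 0;
}

int main(void)
{
    if (drop_privileges_checked(65534, 65534) != 0) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }
    puts(access("/etc/at.deny", R_OK) == 0 ? "Can still read" : "Read denied");
    return 0;
}
```

Started as root with the file permissions shown in the report, this prints `Read denied`, because no group membership survives the drop.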