| From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001 |
| From: Thomas Swan <thomas.swan@gmail.com> |
| Date: Wed, 2 Oct 2013 23:17:17 -0500 |
| Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for |
| TCPMUX services |
| |
| Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). |
| |
| Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
| --- |
| xinetd/builtins.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/xinetd/builtins.c b/xinetd/builtins.c |
| index 3b85579..34a5bac 100644 |
| --- a/xinetd/builtins.c |
| +++ b/xinetd/builtins.c |
| @@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) |
| if( SC_IS_INTERNAL( scp ) ) { |
| SC_INTERNAL(scp, nserp); |
| } else { |
| - exec_server(nserp); |
| + child_process(nserp); |
| } |
| } |
| |
| -- |
| 2.20.1 |
| |
