kcgi/rpmlint-security-fixes.patch

diff -ur kcgi-VERSION_0_10_11.orig/kfcgi.c kcgi-VERSION_0_10_11/kfcgi.c
--- kcgi-VERSION_0_10_11.orig/kfcgi.c	2019-08-10 03:17:34.000000000 -0500
+++ kcgi-VERSION_0_10_11/kfcgi.c	2020-01-09 17:47:38.354059975 -0600
@@ -1063,7 +1063,11 @@
 	/* 
 	 * Jail our file-system.
 	 */
-	if (-1 == chroot(chpath)) {
+	if (-1 == chdir(chpath)) {
+		perror("chdir");
+		close(fd);
+		return(EXIT_FAILURE);
+	} else if (-1 == chroot(chpath)) {
 		perror("chroot");
 		close(fd);
 		return(EXIT_FAILURE);
@@ -1075,6 +1079,7 @@
 	}
 
 	if (NULL != procuser)  {
+		setgroups(0, NULL);
 		if (0 != setgid(procgid)) {
 			perror(procuser);
 			close(fd);
- Initial package OBS-URL: https://build.opensuse.org/package/show/home:archie172/kcgi?expand=0&rev=1 2020-01-09 23:57:14 +00:00			`diff -ur kcgi-VERSION_0_10_11.orig/kfcgi.c kcgi-VERSION_0_10_11/kfcgi.c`
			`--- kcgi-VERSION_0_10_11.orig/kfcgi.c 2019-08-10 03:17:34.000000000 -0500`
			`+++ kcgi-VERSION_0_10_11/kfcgi.c 2020-01-09 17:47:38.354059975 -0600`
			`@@ -1063,7 +1063,11 @@`
			`/*`
			`* Jail our file-system.`
			`*/`
			`- if (-1 == chroot(chpath)) {`
			`+ if (-1 == chdir(chpath)) {`
			`+ perror("chdir");`
			`+ close(fd);`
			`+ return(EXIT_FAILURE);`
			`+ } else if (-1 == chroot(chpath)) {`
			`perror("chroot");`
			`close(fd);`
			`return(EXIT_FAILURE);`
			`@@ -1075,6 +1079,7 @@`
			`}`

			`if (NULL != procuser) {`
			`+ setgroups(0, NULL);`
			`if (0 != setgid(procgid)) {`
			`perror(procuser);`
			`close(fd);`