libtirpc/libtirpc-0.1.9-0009-Fix-getpeereid.patch

36 lines
1.2 KiB
Diff

From 6c487efe74adb5c29f7bee5bd51b3ebef4968f7d Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de>
Date: Tue, 30 Sep 2008 15:09:06 -0400
Subject: [PATCH] Fix getpeereid
getpeereid fails because it uses an incorrect getsockopt call to obtain
the peer credentials on a AF_LOCAL socket. This in turn will cause all
RPC services to be registered with rpcbind to show up as having been
registered by "unknown".
This has a serious impact on security - a service owned by "unknown"
can essentially be unregistered (and thus replaced) by anyone.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/getpeereid.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/getpeereid.c b/src/getpeereid.c
index 9207d9d..57ee197 100644
--- a/src/getpeereid.c
+++ b/src/getpeereid.c
@@ -41,7 +41,7 @@ getpeereid(int s, uid_t *euid, gid_t *egid)
int error;
uclen = sizeof(uc);
- error = getsockopt(s, 0, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */
+ error = getsockopt(s, SOL_SOCKET, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */
if (error != 0)
return (error);
// if (uc.cr_version != XUCRED_VERSION)
--
1.5.6