forked from pool/libtirpc
36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
From 6c487efe74adb5c29f7bee5bd51b3ebef4968f7d Mon Sep 17 00:00:00 2001
|
|
From: Olaf Kirch <okir@suse.de>
|
|
Date: Tue, 30 Sep 2008 15:09:06 -0400
|
|
Subject: [PATCH] Fix getpeereid
|
|
|
|
getpeereid fails because it uses an incorrect getsockopt call to obtain
|
|
the peer credentials on a AF_LOCAL socket. This in turn will cause all
|
|
RPC services to be registered with rpcbind to show up as having been
|
|
registered by "unknown".
|
|
|
|
This has a serious impact on security - a service owned by "unknown"
|
|
can essentially be unregistered (and thus replaced) by anyone.
|
|
|
|
Signed-off-by: Olaf Kirch <okir@suse.de>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
---
|
|
src/getpeereid.c | 2 +-
|
|
1 files changed, 1 insertions(+), 1 deletions(-)
|
|
|
|
diff --git a/src/getpeereid.c b/src/getpeereid.c
|
|
index 9207d9d..57ee197 100644
|
|
--- a/src/getpeereid.c
|
|
+++ b/src/getpeereid.c
|
|
@@ -41,7 +41,7 @@ getpeereid(int s, uid_t *euid, gid_t *egid)
|
|
int error;
|
|
|
|
uclen = sizeof(uc);
|
|
- error = getsockopt(s, 0, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */
|
|
+ error = getsockopt(s, SOL_SOCKET, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */
|
|
if (error != 0)
|
|
return (error);
|
|
// if (uc.cr_version != XUCRED_VERSION)
|
|
--
|
|
1.5.6
|
|
|