[PATCH 3/3] wall: Temporarily drop privileges when opening files
Denys Vlasenko
vda.linux at googlemail.com
Tue Oct 8 12:55:44 UTC 2013
On Tuesday 08 October 2013 02:02, Ryan Mallon wrote:
> The wall applet is setuid and currently does no checking of the real
> user's read access to the message file. This allows the wall applet to
> be used to display files which are not readable by an unprivileged
> user. For example:
>
> $ wall /etc/shadow
> $ wall /proc/vmallocinfo
>
> Fix this by temporarily dropping privileges before opening the file.
Applied all three patches (with small modifications).
Thanks!
More information about the busybox
mailing list