Patch for CAN-2005-0866 still relevant?

[cdrtools-2.01-scsi-remote.patch]

--- cdrecord-2.01/librscg/scsi-remote.c.org	2004-08-30 16:09:33.000000000 -0600

+++ cdrecord-2.01/librscg/scsi-remote.c	2004-08-30 16:11:06.000000000 -0600

@@ -1071,9 +1071,9 @@

 		/*

 		 * Become 'locuser' to tell the rsh program the local user id.

 		 */

-		if (getuid() != pw->pw_uid &&

-		    setuid(pw->pw_uid) == -1) {

-			errmsg("setuid(%lld) failed.\n",

+		if ((pw->pw_uid) != geteuid() &&

+		    seteuid(pw->pw_uid) == -1) {

+			errmsg("seteuid(%lld) failed.\n",

 							(Llong)pw->pw_uid);

 			_exit(EX_BAD);

 			/* NOTREACHED */

--- cdrtools-2.01/rscsi/rscsi.dfl.org	2005-05-07 20:19:15.930567520 +0200

+++ cdrtools-2.01/rscsi/rscsi.dfl	2005-05-07 20:19:21.072785784 +0200

@@ -11,6 +11,8 @@

 # The file where debug info should go to.

 # If you don't like debugging (e.g. for speed) comment out

 # the this line.

+# Security note: Set this to a safe place to write output, such as your home

+# directory

 #

 #DEBUG=/tmp/RSCSI

 



Patch for CAN-2005-0866 still relevant?

Patch for CAN-2005-0866 still relevant?

Re: Patch for CAN-2005-0866 still relevant?

Re: Patch for CAN-2005-0866 still relevant?

	Patch for CAN-2005-0866 still relevant? by Bugzilla from sebastian_ml@gmx.net :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello Jörg, I was going trough the Gentoo cdrtools ebuilds and found attached patch. Is it still relevant for cdrtools-2.01.01a34? Bye Sebastian `[cdrtools-2.01-scsi-remote.patch]` --- cdrecord-2.01/librscg/scsi-remote.c.org 2004-08-30 16:09:33.000000000 -0600 +++ cdrecord-2.01/librscg/scsi-remote.c 2004-08-30 16:11:06.000000000 -0600 @@ -1071,9 +1071,9 @@ /* * Become 'locuser' to tell the rsh program the local user id. / - if (getuid() != pw->pw_uid && - setuid(pw->pw_uid) == -1) { - errmsg("setuid(%lld) failed.\n", + if ((pw->pw_uid) != geteuid() && + seteuid(pw->pw_uid) == -1) { + errmsg("seteuid(%lld) failed.\n", (Llong)pw->pw_uid); _exit(EX_BAD); / NOTREACHED */ --- cdrtools-2.01/rscsi/rscsi.dfl.org 2005-05-07 20:19:15.930567520 +0200 +++ cdrtools-2.01/rscsi/rscsi.dfl 2005-05-07 20:19:21.072785784 +0200 @@ -11,6 +11,8 @@ # The file where debug info should go to. # If you don't like debugging (e.g. for speed) comment out # the this line. +# Security note: Set this to a safe place to write output, such as your home +# directory # #DEBUG=/tmp/RSCSI _______________________________________________ Cdrecord-developers mailing list Cdrecord-developers@... https://lists.berlios.de/mailman/listinfo/cdrecord-developers
	Re: Patch for CAN-2005-0866 still relevant? by Joerg Schilling-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Sebastian Kemper <sebastian_ml@...> wrote: > Hello Jörg, > > I was going trough the Gentoo cdrtools ebuilds and found attached patch. Is it > still relevant for cdrtools-2.01.01a34? Fixed in october 2004 - long ago.... This was only a problem in case that /bin/sh was bash Jörg -- EMail:joerg@... (home) Jörg Schilling D-13353 Berlin js@... (uni) schilling@... (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily _______________________________________________ Cdrecord-developers mailing list Cdrecord-developers@... https://lists.berlios.de/mailman/listinfo/cdrecord-developers
	Re: Patch for CAN-2005-0866 still relevant? by Bugzilla from sebastian_ml@gmx.net :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Friday 24 August 2007 at 12:35:34 Joerg Schilling wrote: > Fixed in october 2004 - long ago.... > > This was only a problem in case that /bin/sh was bash Thanks for clearing that up! Regards Sebastian _______________________________________________ Cdrecord-developers mailing list Cdrecord-developers@... https://lists.berlios.de/mailman/listinfo/cdrecord-developers