]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: adc54f4) | patch
Don't clear capability bounding set on capng_change_id
authorTimo Rothenpieler <timo@rothenpieler.org>
Wed, 18 Jan 2023 14:24:28 +0000 (15:24 +0100)
committerGert Doering <gert@greenie.muc.de>
Thu, 19 Jan 2023 07:39:03 +0000 (08:39 +0100)
commitd8523119b95db55d2c101b8364ce7e9d0d0f6f3a
treef921705c1e3b7afc55dbd91fb74e550623ee3dd2tree
parentadc54f483b210484ff1488e01c8aee1b2b0ea477commit | diff
Don't clear capability bounding set on capng_change_id

The bounding set being empty will overpower the likes of su/sudo
and will make it impossible for any child processes to ever gain
additional privileges again.

Github: fixes OpenVPN/openvpn#220

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230118142428.162-1-timo@rothenpieler.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26048.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/platform.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git