commit | a605bd2f9b9dafbdd0f0c82820b090752605285a | [log] [tgz] |
---|---|---|
author | Jorge Lucangeli Obes <jorgelo@google.com> | Fri Jan 13 11:07:02 2017 -0500 |
committer | Jorge Lucangeli Obes <jorgelo@google.com> | Wed Jan 18 22:24:18 2017 -0500 |
tree | 42a92916d52eb07b323e1bd28f5be8becb739d63 | |
parent | 34538ca0990a369f223bdb00b82a75999e758940 [diff] |
racoon: Check the return value of setuid(2). 'racoon' was not checking the return value of setuid(2). This is a security bug, though mitigated by SELinux. This bug would be exploited by creating enough processes running as user 'vpn' that the setuid(2) call fails with EAGAIN, so that the racoon process then continues running as root. Bug: 33938230 Test: Builds, 'racoon' starts correctly. Change-Id: I916123c7de220c659fbe98bc2016f9f52002d2eb