Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / ipsec-tools / a605bd2f9b9dafbdd0f0c82820b090752605285a
commita605bd2f9b9dafbdd0f0c82820b090752605285a[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@google.com>Fri Jan 13 11:07:02 2017 -0500
committerJorge Lucangeli Obes <jorgelo@google.com>Wed Jan 18 22:24:18 2017 -0500
tree42a92916d52eb07b323e1bd28f5be8becb739d63
parent34538ca0990a369f223bdb00b82a75999e758940 [diff]
racoon: Check the return value of setuid(2).

'racoon' was not checking the return value of setuid(2). This is a
security bug, though mitigated by SELinux. This bug would be exploited
by creating enough processes running as user 'vpn' that the setuid(2)
call fails with EAGAIN, so that the racoon process then continues
running as root.

Bug: 33938230
Test: Builds, 'racoon' starts correctly.
Change-Id: I916123c7de220c659fbe98bc2016f9f52002d2eb
1 file changed
tree: 42a92916d52eb07b323e1bd28f5be8becb739d63
  1. src/
  2. Android.mk
  3. ChangeLog
  4. CleanSpec.mk
  5. config.h
  6. main.c
  7. Makefile
  8. MODULE_LICENSE_BSD
  9. NEWS
  10. NOTICE
  11. racoon.rc
  12. README
  13. README.google
  14. README.version
  15. setup.c