Package: nagiosgrapher
Version: 1.6.1rc5-5
Severity: normal

1. When initially run as root (as is the default in Debian for now), the nagiosgrapher daemon changes its uid and gid to the values specified in the configuration.
The bug is that it does so in exactly the specified order: first it changes its uid (from 0), then it changes its gid, which is obviously incorrect and cannot happen successfully. As a consequence all files get created with the root group. (Is this a security bug?)

Suggest invoking setuid() after setgid() - it works then. I also would like to see a warning message or complaint if any of setuid() or setgid() fail. Now there are no checks on what they return.

2. The create_pipe() function creates the pipe with too permissive modes - 0666, suggest 0660 (after fixing the first bug it will become practical). Anyway, this is really a security-related bug.

Bye. And Big Thanks to Debian people.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-spg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/bash

