
Mailing List Archive: Zope: Announce

Vulnerability in zdaemon 2.0.5 and earlier

 

 



jim at zope

Jun 7, 2012, 1:12 PM


zdaemon is a Unix (Unix, Linux, Mac OS X) Python program that wraps
commands to make them behave as proper daemons. See
http://pypi.python.org/pypi/zdaemon.

zdaemon can be configured to start as root and then switch to a less
privileged user. In version 2.0.5 and earlier, zdaemon didn't update
supplementary groups. Processes started as root retain root's
supplementary groups, likely providing more privileges than intended.
This is fixed by zdaemon 2.0.6.

It's recommended that people using zdaemon 2.0.5 and earlier upgrade
to 2.0.6 at their earliest convenience.

--
Jim Fulton
_______________________________________________
Zope-Announce maillist - Zope-Announce [at] zope
https://mail.zope.org/mailman/listinfo/zope-announce

Zope-Announce for Announcements only - no discussions

(Related lists -
Users: https://mail.zope.org/mailman/listinfo/zope
Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
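The root-to-unprivileged switch described in the advisory, as an added example that is not zdaemon's code or its 2.0.6 fix: it replaces the supplementary group list before changing gid and uid, then checks that nothing from root's list survived. The function names, the `nobody` account and the sample group IDs are assumptions constructed for illustration.

```python
import os
import pwd

# Constructed sample data: a supplementary group list root might hold, and
# the only group a hypothetical service account is entitled to.
ROOT_GROUPS = [0, 1, 2, 3, 4, 6, 10]
SERVICE_GROUPS = [998]


def intended_ids(username):
    """Return (uid, gid, groups) for the account from the passwd/group databases."""
    pw = pwd.getpwnam(username)
    groups = os.getgrouplist(pw.pw_name, pw.pw_gid)  # includes the primary gid
    return pw.pw_uid, pw.pw_gid, sorted(set(groups))


def leftover_groups(current, allowed):
    """Groups the process still holds that the target account is not entitled to."""
    return sorted(set(current) - set(allowed))


def drop_privileges(username):
    """Switch from root to `username`, replacing supplementary groups first."""
    uid, gid, groups = intended_ids(username)
    # Order matters: setgroups() and setgid() need root, so setuid() goes last.
    os.setgroups(groups)
    os.setgid(gid)
    os.setuid(uid)
    extra = leftover_groups(os.getgroups(), groups)
    if extra or os.getuid() != uid or os.getgid() != gid:
        raise RuntimeError("privilege drop incomplete, extra groups: %r" % extra)


def audit_without_setgroups():
    """What a drop that calls only setgid() and setuid() leaves behind."""
    return leftover_groups(ROOT_GROUPS, SERVICE_GROUPS)


if __name__ == "__main__":
    print("inherited from root if setgroups() is skipped:", audit_without_setgroups())
    if os.getuid() == 0:
        drop_privileges("nobody")  # assumed account name
        print("now running with groups:", os.getgroups())
```

On an already running daemon, the `Groups:` line in `/proc/<pid>/status` on Linux shows the same information that `leftover_groups` checks here.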
