• Thomas B. Rücker's avatar
    SECURITY FIX - Override supplementary groups · 53e6ee7a
    Thomas B. Rücker authored
    In case of <changeowner> only UID and GID were changed, 
    supplementary groups were left in place.
    This is a potential security issue only if <changeowner> is used.
    New behaviour is to set UID, GID and set supplementary groups 
    based on the UID
    Even in case of icecast remaining in supplementary group 0 
    this "only" gives it things like access to files that are owned 
    by group 0 and according to their umask. This is obviously bad,
    but not as bad as UID 0 with all its other special rights.
    It's a security issue and we fix immediately and recommend users to update.
    
    PS: Cherry picking this should be fine by distros for fixing older releases.
    
    svn path=/icecast/trunk/icecast/; revision=19137
    53e6ee7a
main.c 13.4 KB