Author: JT Smith
From LWN.net: Luki R. reported a bug in man-db: it did handle nested calls of
drop_effective_privs() and regain_effective_privs() correctly which
would cause it to regain privileges to early. This could be abused
to make man create files as user man.
drop_effective_privs() and regain_effective_privs() correctly which
would cause it to regain privileges to early. This could be abused
to make man create files as user man.
This has been fixed in version 2.3.16-4, and we recommend that you
upgrade your man-db package immediately.
Category:
- Linux
