Vulnerability in zdaemon 2.0.5 and earlier

Jim Fulton
zdaemon is a Unix (Unix, Linux, Mac OS X) Python program that wraps
commands to make them behave as proper daemons.  See
http://pypi.python.org/pypi/zdaemon.

zdaemon can be configured to start as root and then switch to a less
privileged user.  In version 2.0.5 and earlier, zdaemon didn't update
supplementary groups. Processes started as root retain root's
supplementary groups, likely providing more privileges than intended.
This is fixed by zdaemon 2.0.6.

It's recommended that people using zdaemon 2.0.5 and earlier upgrade
to 2.0.6 at their earliest convenience.

Jim

--
Jim Fulton
--
http://mail.python.org/mailman/listinfo/python-announce-list
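
The failure mode in the announcement above, as an added example that is not part of the original post and not zdaemon's code: a root-to-user switch that skips the supplementary-group step, beside one that calls `os.initgroups()` before giving up root. `FakeOS`, `demo`, the user `svc` and all uid/gid values are constructed stand-ins so the comparison runs without root.

```python
import os
from types import SimpleNamespace

def drop_without_groups(pw, osmod=os):
    """Flawed drop: uid/gid change, supplementary groups left untouched."""
    osmod.setgid(pw.pw_gid)
    osmod.setuid(pw.pw_uid)

def drop_with_groups(pw, osmod=os):
    """Correct drop: replace supplementary groups while still root."""
    osmod.initgroups(pw.pw_name, pw.pw_gid)  # must precede setuid()
    osmod.setgid(pw.pw_gid)
    osmod.setuid(pw.pw_uid)

def leftover_groups(pw, osmod=os):
    """Groups the process holds that the target user is not entitled to."""
    allowed = set(osmod.getgrouplist(pw.pw_name, pw.pw_gid))
    return sorted(set(osmod.getgroups()) - allowed)

class FakeOS:
    """Constructed stand-in for the os module (assumption, not a real API)."""
    def __init__(self, uid, gid, groups, membership):
        self.uid, self.gid, self.groups = uid, gid, list(groups)
        self.membership = membership  # username -> supplementary gids
    def _need_root(self):
        if self.uid != 0:
            raise PermissionError("operation requires root")
    def getgrouplist(self, user, gid):
        return sorted({gid, *self.membership.get(user, [])})
    def initgroups(self, user, gid):
        self._need_root()
        self.groups = self.getgrouplist(user, gid)
    def setgid(self, gid):
        self._need_root()
        self.gid = gid
    def setuid(self, uid):
        self._need_root()
        self.uid = uid
    def getgroups(self):
        return list(self.groups)

def demo(drop):
    # Constructed sample: the root process starts with gids 0, 4 and 6.
    fake = FakeOS(0, 0, [0, 4, 6], {"svc": [1001]})
    pw = SimpleNamespace(pw_name="svc", pw_uid=1000, pw_gid=1000)
    drop(pw, fake)
    return fake.uid, fake.gid, leftover_groups(pw, fake)

if __name__ == "__main__":
    print("without groups:", demo(drop_without_groups))
    print("with groups:   ", demo(drop_with_groups))
```

With the real `os` module, `leftover_groups(pwd.getpwnam(name))` run inside the daemonized process reports any groups inherited from root.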