Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: tlyu@mit.edu
Subject: SVN Commit
X-RT-Original-Encoding: iso-8859-1
Content-Length: 723

	* src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
	* src/appl/bsd/v4rcp.c (main):
	* src/appl/bsd/krcp.c (main):
	* src/appl/bsd/krshd.c (doit):
	* src/appl/bsd/login.c (main): 
	* src/clients/ksu/main.c (sweep_up):
	* src/lib/krb4/kuserok.c (kuserok): Check return values from
	setuid() and related functions to avoid privilege escalation
	vulnerabilities.  Fixes MITKRB5-SA-2006-001. [CVE-2006-3083,
	VU#580124, CVE-2006-3084, VU#401660]

Commit By: tlyu



Revision: 18420
Changed Files:
U   trunk/src/appl/bsd/krcp.c
U   trunk/src/appl/bsd/krshd.c
U   trunk/src/appl/bsd/login.c
U   trunk/src/appl/bsd/v4rcp.c
U   trunk/src/appl/gssftp/ftpd/ftpd.c
U   trunk/src/clients/ksu/main.c
U   trunk/src/lib/krb4/kuserok.c