afpd: fix unbecome_root()

Reloading logging config may result in privilege escalation in afpd
processes.

Signed-off-by: Ralph Boehme <slow@samba.org>

diff --git a/NEWS b/NEWS
index 9fad3d449ce638df80fa22decf699c423b617021..79b8ac475f25aec6bbbb4a15c6bdbd3f9977a245 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,8 @@ Changes in 3.1.7
 * FIX: Handling of malformed UTF8 strings, bug #524
 * FIX: afpd: umask handling, bug #576
 * FIX: Spotlight: Limiting searches to subfolders, bug #581
+* FIX: afpd: reloading logging config may result in privilege
+       escalation in afpd processes
 
 Changes in 3.1.6
 ================

diff --git a/libatalk/util/logger.c b/libatalk/util/logger.c
index 4f421fb8d664bec2dbd80a4a83b136b712caf3e0..203abbd54a06453428d859eb8e7f5c78f62dbd93 100644 (file)
--- a/libatalk/util/logger.c
+++ b/libatalk/util/logger.c
@@ -266,7 +266,7 @@ static void log_setup(const char *filename, enum loglevels loglevel, enum logtyp
         type_configs[logtype].fd = open(filename,
                                         O_CREAT | O_WRONLY | O_APPEND,
                                         S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-        become_root();
+        unbecome_root();
     }
 
     /* Check for error opening/creating logfile */