[src/netbsd-6-0]: src/doc ticket 1309

[bouyer <bouyer%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/8b575ab3c909
branches:  netbsd-6-0
changeset: 775079:8b575ab3c909
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Wed Jul 01 07:24:31 2015 +0000

description:
ticket 1309

diffstat:

 doc/CHANGES-6.0.7 |  16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diffs (27 lines):

diff -r fc2b6e93b84f -r 8b575ab3c909 doc/CHANGES-6.0.7
--- a/doc/CHANGES-6.0.7 Wed Jul 01 07:22:52 2015 +0000
+++ b/doc/CHANGES-6.0.7 Wed Jul 01 07:24:31 2015 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.43 2015/05/27 05:57:31 msaitoh Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.44 2015/07/01 07:24:31 bouyer Exp $
 
 A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
 release:
@@ -5998,3 +5998,17 @@
 
        Fix off by one error, pointed out by Wei Liu in port-xen/49919.
        [bouyer, ticket #1299]
+usr.bin/calendar/calendar.c                    1.51
+
+       Correct privilege handling problems in calendar -a (which runs as root
+       from /etc/daily); do not exec other programs while the real uid is
+       still 0.
+
+       Also, clear the supplementary groups list up front and call initgroups
+       when becoming another user, to avoid leaking any extra group
+       privileges that we might have.
+
+       And finally, don't silently ignore errors changing uid and gid; those
+       are serious if they happen.
+       [dholland, ticket #1309]
+