On 19.09.24 Brian Ristuccia (brian.ristuc...@gmail.com) wrote:

Hi Francesco,

> We've run into a problem with proftpd + mod_sftp + mod_sql, where a
> user with no supplemental groups will incorrectly inherit supplemental
> groups from the parent process. In ProFTPD Version 1.3.5, this
> behavior resulted in users gaining supplemental membership in nogroup,
> which had minimal security implications. In 1.3.8, it appears that the
> parent process retains supplemental GID 0, which is inherited by child
> processes and not overwritten if the authenticated user has no
> supplemental groups.
>

We've got a patch from upstream, which has been pushed onto salsa. I did not test it myself, but I would assume that it solves the issue.

I'd like to upload ASAP. Unfortunately the autopkg test fails for risc64 and the package would not migrate to testing. I tried to reproduce the issue on ricci, but failed. For now I would disable the one failing test and look at it later.

Let me know if this would be OK for you.

Hilmar
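A check for the failure mode reported in this thread, as an added example that is not ProFTPD's code or the upstream patch: it replaces the supplemental group list even when the authenticated user has none, and reports any GID still inherited from the parent. The function names are hypothetical, and it assumes the usual POSIX rule that an inherited list stays in place until `setgroups()` is called.

```c
#define _DEFAULT_SOURCE          /* setgroups() is a BSD/glibc extension */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Replace the supplemental list with exactly gids[0..n-1]. Called even for
 * n == 0, so an empty list clears what the parent had. Needs CAP_SETGID,
 * so it must run before setgid()/setuid() give that privilege away. */
int set_exact_groups(const gid_t *gids, size_t n)
{
    return setgroups(n, n ? gids : NULL);
}

/* Copy into out[] each GID in have[] that is neither the primary GID nor
 * listed in want[]. out[] needs room for nhave entries. Returns the count. */
size_t leaked_groups(const gid_t *have, size_t nhave,
                     const gid_t *want, size_t nwant,
                     gid_t primary, gid_t *out)
{
    size_t leaked = 0;
    for (size_t i = 0; i < nhave; i++) {
        int ok = (have[i] == primary);
        for (size_t j = 0; j < nwant && !ok; j++)
            ok = (have[i] == want[j]);
        if (!ok)
            out[leaked++] = have[i];
    }
    return leaked;
}

/* Audit the calling process against the groups the user should have.
 * Returns the number of leaked GIDs, or -1 if the list cannot be read. */
long audit_self(const gid_t *want, size_t nwant, gid_t *out, size_t outcap)
{
    gid_t have[256];
    int n = getgroups(256, have);
    if (n < 0 || (size_t)n > outcap)
        return -1;
    return (long)leaked_groups(have, (size_t)n, want, nwant, getegid(), out);
}

int main(void)
{
    gid_t out[256];
    /* Expectation for a user with no supplemental groups: empty list. */
    long n = audit_self(NULL, 0, out, 256);
    for (long i = 0; i < n; i++)
        printf("inherited supplemental gid: %lu\n", (unsigned long)out[i]);
    return n > 0;
}
```

Run as a session process after authentication, a non-zero exit status means the process still holds groups the account was never granted.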