[Zope-Annce] Vulnerability in zdaemon 2.0.5 and earlier
jim at zope.com
Thu Jun 7 20:12:30 UTC 2012
zdaemon is a Unix (Unix, Linux, Mac OS X) Python program that wraps
commands to make them behave as proper daemons. See
zdaemon can be configured to start as root and then switch to a less
privileged user. In version 2.0.5 and earlier, zdaemon didn't update
supplementary groups. Processes started as root retain root's
supplementary groups, likely providing more privileges than intended.
This is fixed by zdaemon 2.0.6.
It's recommended that people using zdaemon 2.0.5 and earlier upgrade
to 2.0.6 at their earliest convenience.
More information about the Zope-Announce