Vulnerability in zdaemon 2.0.5 and earlier

Jim Fulton jim at
Thu Jun 7 22:13:09 CEST 2012

zdaemon is a Unix (Unix, Linux, Mac OS X) Python program that wraps
commands to make them behave as proper daemons.  See

zdaemon can be configured to start as root and then switch to a less
privileged user.  In version 2.0.5 and earlier, zdaemon didn't update
supplementary groups. Processes started as root retain root's
supplementary groups, likely providing more privileges than intended.
This is fixed by zdaemon 2.0.6.

It's recommended that people using zdaemon 2.0.5 and earlier upgrade
to 2.0.6 at their earliest convenience.


Jim Fulton

More information about the Python-announce-list mailing list