Description: CVE-2013-6889, elevated access.
 The executable will, when used with SUID-bit set,
 allow opening and reading access to every system
 file also by an unprivileged user, whenever invocation
 is done in testing mode, i.e., using '-t' without '-u'.
 .
 Prevent this mistake by resetting the effective user
 identification to the real user identification
 whenever testing mode is asked for.
Author: Mats Erik Andersson <debian@gisladisker.se>
Forwarded: yes
Bug-Debian: http://bugs.debian.org/733505
Last-update: 2014-01-16

--- rush-1.7+dfsg.debian/src/rush.c
+++ rush-1.7+dfsg/src/rush.c
@@ -913,6 +913,10 @@ main(int argc, char **argv)
 	} else if (argc > optind)
 		die(usage_error, NULL, _("invalid command line"));
 	
+	/* Step down from SUID when running in test mode.  */
+	if (lint_option)
+		setuid(getuid());
+
 	if (test_user_name) {
 		struct passwd *pw = getpwnam(test_user_name);
 		if (!pw)
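Review bot: The return value of setuid(getuid()) in the added lint_option branch is not checked, so if the call fails the test-mode run continues with the SUID effective UID and the file-read exposure described in the header remains. Treat failure as fatal, for example `if (lint_option && setuid(getuid()) != 0)` followed by a die() call like the one on the line above, so the program never proceeds while still privileged. The hunk also resets only the user ID; if the binary can be installed with the SGID bit as well, a setgid(getgid()) call placed before the setuid() would be needed to drop the group too.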
