commit 43ac03e5e8920171a81ccfcc24c9ff838d0e9eba
Author: Werner Fink <werner@suse.de>
Date:   Wed May 6 09:04:07 2026 +0200

    Fix Privilege Escalation to Root
    
    Do not allow arbitrary connecting user to execute privileged
    commands such as MAGIC_CHROOT or MAGIC_CLOSE.
    
    Signed-off-by: Werner Fink <werner@suse.de>

Index: haveged-1.9.14/src/havegecmd.c
===================================================================
--- haveged-1.9.14.orig/src/havegecmd.c
+++ haveged-1.9.14/src/havegecmd.c
@@ -303,6 +303,11 @@ int socket_handler(                /* RE
       ptr = (unsigned char *)enqry;
       len = (int)strlen(enqry)+1;
       safeout(fd, ptr, len);
+
+      print_msg("%s: connection from pid %lu user %lu\n", params->daemon,
+                (unsigned long)cred.pid, (unsigned long)cred.uid);
+      errno = EACCES;
+      goto out;
       }
 
    switch (magic[0]) {