SSSD / sssd

Clone

1370bcc PROXY: proxy_child should work in non-root mode

3 files Authored by lslebodn 8 years ago, Committed by jhrozek 8 years ago,
raw patch tree parent
3 files changed. 4 lines added. 2 lines removed.
Makefile.am
file modified
+2 -0
contrib/sssd.spec.in
file modified
+1 -1
src/providers/proxy/proxy_init.c
file modified
+1 -1 
    PROXY: proxy_child should work in non-root mode
    
    According to design page[1], proxy_child should run
    with root privileges in non-root mode however proxy_child
    did not have setuid bit.
    
    After setting setuid bit proxy_child will be executed with extra privileges.
    The effective user ID will be 0 but effective group ID will be still
    the same as egid of sssd_be. Therefore gid of private pipe for
    proxy_child should be the same. Otherwise proxy_child will fail
    due to wrong permissions of unix pipe (sbus_client_init -> check_file)
    
    [1] https://fedorahosted.org/sssd/wiki/DesignDocs/NotRootSSSD
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/2655
    
    Reviewed-by: Michal Židek <mzidek@redhat.com>
file modified
+2 -0
file modified
+1 -1
file modified
+1 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.