#1382 pac responder interface needs checks
Closed: Fixed None Opened 10 years ago by simo.

The pac responder interface should have a configuration option that tells it what user ids are allowed to send PAC information, this way we can configure exactly which unprivileged processes can send us information as 'trusted pac providers'.

Also we should set a Selinux context on the pac responder socket so that we can further confine access via MAC.

Fields changed

owner: somebody => sbose

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 4
rhbz: => 0

Testing instructions:

Just call

echo 123456789 | nc -U /var/lib/sss/pipes/pac || echo failed

with different user. For users with a UID in the allowed_uids nothing is returned otherwise 'failed'

patch: 0 => 1

master: 2d257cc

resolution: => fixed
status: new => closed

Metadata Update from @simo:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.0 beta 4

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2424

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.