Learn more about these different git repos.
Other Git URLs
A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD, System Security Services Daemon, performed copying and removal of (user) directory trees.A local attacker, with permissions to write into directory of the victim, being actively / currently copied / removed via the sssd daemon facility, could use this flaw to conduct symbolic link attacks, leading to their ability to alter / remove directories outside of originally intended, to be modified, directory tree.
This issue was found by Florian Weimer of Red Hat Product Security Team.
owner: somebody => jhrozek
rhbz: => 884254
status: new => assigned
patch: 0 => 1
resolution: => fixed
status: assigned => closed
<img alt="Bob Foster.jpg" src="/SSSD/sssd/issue/raw/files/2aa007dbe04d009d408add003efce7b260f36f50f4cc7e7cf85e61a2ea796270-Bob_Foster.jpg" />
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.