#2517 krb5_child: Remove getenv() ran as root
Closed: Fixed None Opened 7 years ago by jhrozek.

As a first step towards fixing ticket #697 we should get rid of environment variables that are evaluated before krb5_child drops root.

After the recent patches, that's only variables concerning FAST setup:
- SSSD_KRB5_USE_FAST evaluated in k5c_setup_fast() called from privileged_krb5_setup()
- SSSD_KRB5_FAST_PRINCIPAL evaluated in k5c_setup_fast() called from privileged_krb5_setup()

The other getenv calls are done as regular user.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.13 beta

Fields changed

milestone: SSSD 1.13 beta => SSSD 1.13 backlog

Mass-moving tickets not planned for the 1.13 release to 1.14

milestone: SSSD 1.13 backlog => SSSD 1.14 beta

Fields changed

rhbz: => 0

Nice to have for 1.14 and an easy task, but not required.

milestone: SSSD 1.14 beta => SSSD 1.14 backlog
sensitive: => 0

There is no getenv ran in krb5_child after fixes for #697.

milestone: SSSD 1.14 backlog => SSSD 1.15 Alpha
resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15.0

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3559

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.