#2517 krb5_child: Remove getenv() ran as root
Closed: Fixed None Opened 4 years ago by jhrozek.

As a first step towards fixing ticket #697 we should get rid of environment variables that are evaluated before krb5_child drops root.

After the recent patches, that's only variables concerning FAST setup:
- SSSD_KRB5_USE_FAST evaluated in k5c_setup_fast() called from privileged_krb5_setup()
- SSSD_KRB5_FAST_PRINCIPAL evaluated in k5c_setup_fast() called from privileged_krb5_setup()

The other getenv calls are done as regular user.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.13 beta

Fields changed

milestone: SSSD 1.13 beta => SSSD 1.13 backlog

Mass-moving tickets not planned for the 1.13 release to 1.14

milestone: SSSD 1.13 backlog => SSSD 1.14 beta

Fields changed

rhbz: => 0

Nice to have for 1.14 and an easy task, but not required.

milestone: SSSD 1.14 beta => SSSD 1.14 backlog
sensitive: => 0

There is no getenv ran in krb5_child after fixes for #697.

milestone: SSSD 1.14 backlog => SSSD 1.15 Alpha
resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15.0

2 years ago

Login to comment on this ticket.