Learn more about these different git repos.
Other Git URLs
proxy_child should perform chdir("/"), umask(022) (or equivalent, but not 0), and reset the environment (with clearenv(), or some more careful approach if there are environment dependencies).
proxy_child
chdir("/")
umask(022)
0
clearenv()
The --domain argument should be sanitized, currently funny names such as /../foo are accepted.
--domain
/../foo
All this just seems to be hardening, no imminent security impact.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.15 beta
rhbz: => 0
It should be a similar fix to #2754 plus additional hardening to the argument "--domain"
owner: somebody => pcech
Metadata Update from @fweimer: - Issue assigned to pcech - Issue set to the milestone: SSSD Future releases (no date set yet)
https://github.com/SSSD/sssd/pull/578
Metadata Update from @atikhonov: - Custom field design_review reset (from 0) - Custom field mark reset (from 0) - Custom field patch reset (from 0) - Custom field review reset (from 0) - Custom field sensitive reset (from 0) - Custom field testsupdated reset (from 0) - Issue assigned to atikhonov (was: pcech) - Issue close_status updated to: None
Metadata Update from @thalman: - Custom field design_review reset (from false) - Custom field mark reset (from false) - Custom field patch reset (from false) - Custom field review reset (from false) - Custom field sensitive reset (from false) - Custom field testsupdated reset (from false) - Issue tagged with: Next milestone
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3730
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.