#2689 proxy_child hardening
Opened 4 years ago by fweimer. Modified a year ago

proxy_child should perform chdir("/"), umask(022) (or equivalent, but not 0), and reset the environment (with clearenv(), or some more careful approach if there are environment dependencies).

The --domain argument should be sanitized; currently, funny names such as /../foo are accepted.

All this just seems to be hardening, no imminent security impact.
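
The hardening steps requested above, sketched as an added example; this is not SSSD's proxy_child code. The function names, the 255-byte limit, and the allowed character set for the domain name are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE 1   /* exposes clearenv() on glibc */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define DOMAIN_NAME_MAX 255  /* assumed limit, not taken from SSSD */

/* Returns 1 if name is acceptable as a --domain value, 0 otherwise.
 * Assumed policy: ASCII letters, digits, '.', '-', '_' only, starting with
 * a letter or digit. This rejects '/', "..", "." and option-like names. */
int domain_name_is_safe(const char *name)
{
    size_t len;

    if (name == NULL || (len = strlen(name)) == 0 || len > DOMAIN_NAME_MAX)
        return 0;
    if (!isalnum((unsigned char)name[0]))
        return 0;
    if (strstr(name, "..") != NULL)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == '_'))
            return 0;
    }
    return 1;
}

/* Process-state reset for a freshly started helper. Returns 0 on success. */
int harden_child(void)
{
    if (chdir("/") != 0)      /* do not keep the caller's working directory */
        return -1;
    umask(022);               /* known file-creation mask, never 0 */
    if (clearenv() != 0)      /* drop every inherited environment variable */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Hypothetical CLI: argv[1] stands in for the --domain value. */
    const char *domain = argc > 1 ? argv[1] : "/../foo";

    if (harden_child() != 0 || !domain_name_is_safe(domain)) {
        fprintf(stderr, "refusing to start: bad state or domain name\n");
        return 1;
    }
    printf("domain '%s' accepted\n", domain);
    return 0;
}
```

If the helper depends on specific variables, set them explicitly after clearenv() rather than preserving the inherited environment.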

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.15 beta

Fields changed

rhbz: => 0

It should be a similar fix to #2754
plus additional hardening to the argument "--domain"

owner: somebody => pcech

Metadata Update from @fweimer:
- Issue assigned to pcech
- Issue set to the milestone: SSSD Future releases (no date set yet)

2 years ago
