#2689 proxy_child hardening
Closed: cloned-to-github 3 years ago by pbrezina. Opened 8 years ago by fweimer.

proxy_child should perform chdir("/"), umask(022) (or equivalent, but not 0), and reset the environment (with clearenv(), or some more careful approach if there are environment dependencies).

The --domain argument should be sanitized; currently funny names such as /../foo are accepted.

All this just seems to be hardening, no imminent security impact.
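
The steps listed in the report above, as an added C example that is not part of the ticket and not SSSD's own code. The function names, the allow-list policy for the domain name, and the fixed PATH value are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes clearenv() on glibc */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy, not SSSD's: 1..255 bytes drawn from [A-Za-z0-9._-],
 * no leading '.' or '-', and no ".." sequence anywhere. */
bool domain_name_is_safe(const char *name)
{
    static const char allowed[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                                  "abcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t len = (name != NULL) ? strlen(name) : 0;

    if (len == 0 || len > 255) return false;
    if (name[0] == '.' || name[0] == '-') return false;
    if (strspn(name, allowed) != len) return false;  /* rejects '/', spaces, ... */
    return strstr(name, "..") == NULL;
}

/* Reset inherited process state; returns 0 on success, -1 on failure. */
int harden_child_process(void)
{
    if (chdir("/") != 0) return -1;      /* do not keep the caller's cwd */
    umask(022);                          /* never run with umask 0 */
    if (clearenv() != 0) return -1;      /* drop every inherited variable */
    /* Assumption: the child needs only a fixed PATH. */
    return setenv("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
}

int main(int argc, char **argv)
{
    /* Constructed sample: the name quoted in the ticket when none is given. */
    const char *domain = (argc > 1) ? argv[1] : "/../foo";

    if (harden_child_process() != 0) {
        perror("harden_child_process");
        return EXIT_FAILURE;
    }
    if (!domain_name_is_safe(domain)) {
        fprintf(stderr, "refusing unsafe domain name\n");
        return EXIT_FAILURE;
    }
    printf("domain name accepted: %s\n", domain);
    return EXIT_SUCCESS;
}
```
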


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.15 beta

Fields changed

rhbz: => 0

It should be a similar fix to #2754
plus additional hardening to the argument "--domain"

owner: somebody => pcech

Metadata Update from @fweimer:
- Issue assigned to pcech
- Issue set to the milestone: SSSD Future releases (no date set yet)

7 years ago

Metadata Update from @atikhonov:
- Custom field design_review reset (from 0)
- Custom field mark reset (from 0)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field sensitive reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue assigned to atikhonov (was: pcech)
- Issue close_status updated to: None

4 years ago

Metadata Update from @thalman:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue tagged with: Next milestone

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3730

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

3 years ago
