Learn more about these different git repos.
Other Git URLs
SSSD uses a UNIX pipe, typically located at /var/lib/sss/pipes/sudo for communication between sudo and the sssd-sudo responder. When SSSD created this pipe, the umask() call was set to be too permissive, which resulted in the pipe being readable and writable. Then, if an attacker used the same communication protocol that sudo uses to talk to SSSD, they could obtain the list of sudo rules for any user who stores their sudo rules in a remote directory.
While the sudo responder is not started by default by SSSD itself, utilities like ipa-client-install configure the sudo responder to be started.
Metadata Update from @jhrozek: - Issue assigned to jhrozek
Metadata Update from @jhrozek: - Issue priority set to: blocker (was: minor) - Issue set to the milestone: SSSD 1.16.3
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1595057
Issue linked to Bugzilla: Bug 1595057
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4772
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.