Reviewed by Nathan (Thanks!)

NSS 3.11 introduces a new library (libfreebl3.so) that is loaded as part of NSS initialization.  With Fedora DS 1.0, we moved NSS initialization to occur after the setuid from root to the runtime uid so that the files created during NSS init would have the correct ownership.  However, the bin/slapd/server directory is set to 0700 meaning no execute permission for the runtime uid.  The OS requires this directory to be 711 to allow the slapd process to load in the shared libraries needed by NSS.  We use 711 to disallow reading in this directory because if slapd crashes shortly after startup, a core file may go in this directory which may contain secret information.

0 files changed, 0 insertions, 0 deletions