sssd.git/src/p11_child, branch misc

P11_CHILD_NSS: More restrictive permissions

2015-10-14T11:27:18+00:00

p11_child_nss runs as root and we must be carefull about security. This
patch adds more restrictive permissions on it. There is no reason for
0077, so we use 0177 umask.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek

REFACTOR: umask(077) --> umask(SSS_DFL_X_UMASK)

2015-10-14T11:27:13+00:00

There are many calls of umask function with 077 argument. This patch
add new constant SSS_DFL_X_UMASK which stands fot 077. So all
occurences of umask(077) are replaced by constant SSS_DFL_X_UMASK.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek

p11child: set restrictive umask and clear environment

2015-08-17T12:02:59+00:00

https://fedorahosted.org/sssd/ticket/2754

Before doing any calls, set a very restrictive umask and clear
environment variables to harden p11child execution.

Reviewed-by: Lukáš Slebodník

Add NSS version of p11_child

2015-07-31T07:51:54+00:00

Reviewed-by: Jakub Hrozek