diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-24 22:44:17 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-19 11:10:01 +0100 |
commit | f28c0df2ba8d3ba4632e3fa5cb395635470d3639 (patch) | |
tree | 0612670a7cd971f1dfb68b492fe4f2f6a598e06e /contrib | |
parent | 6505a4a36592efe94bfbdbfb07ca4d198a699a8b (diff) | |
download | sssd-f28c0df2ba8d3ba4632e3fa5cb395635470d3639.tar.gz sssd-f28c0df2ba8d3ba4632e3fa5cb395635470d3639.tar.xz sssd-f28c0df2ba8d3ba4632e3fa5cb395635470d3639.zip |
BUILD: Install krb5_child as suid if running under non-privileged user
If sssd_be is running unprivileged, then krb5_child must be setuid to be
able to access the keytab and become arbitrary user.
Related:
https://fedorahosted.org/sssd/ticket/2370
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/sssd.spec.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 5bfb16707..4734d1248 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -646,7 +646,7 @@ rm -rf $RPM_BUILD_ROOT %doc COPYING %{_libdir}/%{name}/libsss_krb5_common.so %attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child -%{_libexecdir}/%{servicename}/krb5_child +%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child %files krb5 -f sssd_krb5.lang %defattr(-,root,root,-) |