BUILD: Install krb5_child as suid if running under non-privileged user

If sssd_be is running unprivileged, then krb5_child must be setuid to be able to access the keytab and become arbitrary user. Related: https://fedorahosted.org/sssd/ticket/2370 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2014-10-24 22:44:17 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2014-11-19 11:10:01 +0100
commit: f28c0df2ba8d3ba4632e3fa5cb395635470d3639 (patch)
tree: 0612670a7cd971f1dfb68b492fe4f2f6a598e06e /contrib
parent: 6505a4a36592efe94bfbdbfb07ca4d198a699a8b (diff)
download: sssd-f28c0df2ba8d3ba4632e3fa5cb395635470d3639.tar.gz
sssd-f28c0df2ba8d3ba4632e3fa5cb395635470d3639.tar.xz
sssd-f28c0df2ba8d3ba4632e3fa5cb395635470d3639.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 5bfb16707..4734d1248 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -646,7 +646,7 @@ rm -rf $RPM_BUILD_ROOT
 %doc COPYING
 %{_libdir}/%{name}/libsss_krb5_common.so
 %attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child
-%{_libexecdir}/%{servicename}/krb5_child
+%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child
 
 %files krb5 -f sssd_krb5.lang
 %defattr(-,root,root,-)
author	Jakub Hrozek <jhrozek@redhat.com>	2014-10-24 22:44:17 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2014-11-19 11:10:01 +0100
commit	f28c0df2ba8d3ba4632e3fa5cb395635470d3639 (patch)
tree	0612670a7cd971f1dfb68b492fe4f2f6a598e06e /contrib
parent	6505a4a36592efe94bfbdbfb07ca4d198a699a8b (diff)
download	sssd-f28c0df2ba8d3ba4632e3fa5cb395635470d3639.tar.gz sssd-f28c0df2ba8d3ba4632e3fa5cb395635470d3639.tar.xz sssd-f28c0df2ba8d3ba4632e3fa5cb395635470d3639.zip