-rw-r--r-- | src/p11_child/p11_child_nss.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/p11_child/p11_child_nss.c b/src/p11_child/p11_child_nss.c
index 123b99348..8a383a044 100644
--- a/src/p11_child/p11_child_nss.c
+++ b/src/p11_child/p11_child_nss.c
@@ -481,8 +481,12 @@ int main(int argc, const char *argv[])
 /* Set debug level to invalid value so we can decide if -d 0 was used. */
 debug_level = SSSDBG_INVALID;
+ /*
+ * This child runs as root (setuid(0)), so we need clear environment and
+ * set permissions for security reasons.
+ */
 clearenv();
- umask(SSS_DFL_X_UMASK);
+ umask(SSS_DFL_UMASK);
 pc = poptGetContext(argv[0], argc, argv, long_options, 0);
 while ((opt = poptGetNextOpt(pc)) != -1) {
 |
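Review bot: The `clearenv()` call that the new comment presents as a security measure still has its return value ignored. clearenv() returns nonzero on failure, so the child would continue with the inherited environment while running as root. A guard such as `if (clearenv() != 0) { return EXIT_FAILURE; }` would make the hardening fail closed. main's cleanup and exit path lie outside this hunk, so the exact failure handling should follow whatever convention the rest of the function uses. The comment would also be clearer if it said what "set permissions" means, for example `set a restrictive umask for any file this child creates`.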