sssd.git - Experimental work on SSSD - Systen Security Services Daemon

diff options

author	Lukas Slebodnik <lslebodn@redhat.com>	2015-05-27 14:49:14 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-05-31 19:35:27 +0200
commit	1370bcccaed090f36d75e8a8cebb320ea1612b7e (patch)
tree	bea3a3e65a994920561174ec2b45ba1479052e9c /src/providers/proxy/proxy_auth.c
parent	ee44aac95e42c3cb634876286a2aa4960ac69a2b (diff)
download	sssd-1370bcccaed090f36d75e8a8cebb320ea1612b7e.tar.gz sssd-1370bcccaed090f36d75e8a8cebb320ea1612b7e.tar.xz sssd-1370bcccaed090f36d75e8a8cebb320ea1612b7e.zip

PROXY: proxy_child should work in non-root mode

According to design page[1], proxy_child should run with root privileges in non-root mode however proxy_child did not have setuid bit. After setting setuid bit proxy_child will be executed with extra privileges. The effective user ID will be 0 but effective group ID will be still the same as egid of sssd_be. Therefore gid of private pipe for proxy_child should be the same. Otherwise proxy_child will fail due to wrong permissions of unix pipe (sbus_client_init -> check_file) [1] https://fedorahosted.org/sssd/wiki/DesignDocs/NotRootSSSD Resolves: https://fedorahosted.org/sssd/ticket/2655 Reviewed-by: Michal Židek <mzidek@redhat.com>

Diffstat (limited to 'src/providers/proxy/proxy_auth.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: