selinux_child needs to setuid(0) to make libselinux work as non-root #3606
Description
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2564
libselinux uses many access(2) calls and as Sumit educated me, access uses the real UID, not the effective UID for the check. Therefore, the setuid selinux_child, which only has effective UID of root would fail the check.
Calling setuid(0) seems to set also the real UID, we should do that in the selinux child for the duration of the semanage transaction.
(Why does libselinux call access() instead of gracefully failing open() is a mystery to me..seems like a toctou race, but we need to work around it)
Comments
Comment from jhrozek at 2015-01-22 22:50:49
Fields changed
owner: somebody => jhrozek
priority: major => blocker
status: new => assigned
Comment from jhrozek at 2015-01-23 13:39:05
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1113783 (Red Hat Enterprise Linux 7)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1113783 1113783]
Comment from jhrozek at 2015-01-26 23:16:45
This ticket was requested by a downstream. I'm bypassing the triage and moving to 1.12.4
milestone: NEEDS_TRIAGE => SSSD 1.12.4
patch: 0 => 1
Comment from jhrozek at 2015-01-27 18:09:33
resolution: => fixed
status: assigned => closed
Comment from jhrozek at 2017-02-24 15:01:02
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.4