-
Notifications
You must be signed in to change notification settings - Fork 235
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proxy_child hardening #3730
Labels
Comments
alexey-tikhonov
added a commit
to alexey-tikhonov/sssd
that referenced
this issue
Aug 10, 2020
alexey-tikhonov
added a commit
to alexey-tikhonov/sssd
that referenced
this issue
Aug 10, 2020
alexey-tikhonov
added a commit
to alexey-tikhonov/sssd
that referenced
this issue
Aug 10, 2020
alexey-tikhonov
added a commit
to alexey-tikhonov/sssd
that referenced
this issue
Jan 22, 2021
alexey-tikhonov
added a commit
to alexey-tikhonov/sssd
that referenced
this issue
Jan 22, 2021
as a part of log file name Resolves: SSSD#3730
alexey-tikhonov
added a commit
to alexey-tikhonov/sssd
that referenced
this issue
Jan 22, 2021
as a part of log file name Resolves: SSSD#3730
alexey-tikhonov
added a commit
to alexey-tikhonov/sssd
that referenced
this issue
Jan 26, 2021
alexey-tikhonov
added a commit
to alexey-tikhonov/sssd
that referenced
this issue
Jan 26, 2021
pbrezina
pushed a commit
that referenced
this issue
Jan 29, 2021
Resolves: #3730 Reviewed-by: Sumit Bose <sbose@redhat.com>
3v1n0
pushed a commit
to 3v1n0/sssd
that referenced
this issue
Apr 8, 2021
Resolves: SSSD#3730 Reviewed-by: Sumit Bose <sbose@redhat.com>
3v1n0
pushed a commit
to 3v1n0/sssd
that referenced
this issue
Apr 8, 2021
Resolves: SSSD#3730 Reviewed-by: Sumit Bose <sbose@redhat.com>
akuster
pushed a commit
to akuster/sssd
that referenced
this issue
May 18, 2021
Resolves: SSSD#3730 Reviewed-by: Sumit Bose <sbose@redhat.com>
akuster
pushed a commit
to akuster/sssd
that referenced
this issue
May 18, 2021
Resolves: SSSD#3730 Reviewed-by: Sumit Bose <sbose@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2689
proxy_child
should performchdir("/")
,umask(022)
(or equivalent, but not0
), and reset the environment (withclearenv()
, or some more careful approach if there are environment dependencies).The
--domain
argument should be sanitized, currently funny names such as/../foo
are accepted.All this just seems to be hardening, no imminent security impact.
Comments
Comment from jhrozek at 2015-06-25 15:52:07
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.15 beta
Comment from jhrozek at 2015-07-20 22:28:11
Fields changed
rhbz: => 0
Comment from lslebodn at 2015-08-17 12:59:44
It should be a similar fix to #2754
plus additional hardening to the argument "--domain"
owner: somebody => pcech
Comment from fweimer at 2017-02-24 14:23:39
Metadata Update from @fweimer:
Comment from amitkumar25nov at 2018-05-23 09:01:33
#578
Comment from atikhonov at 2019-10-24 15:01:37
Metadata Update from @atikhonov:
Comment from thalman at 2020-03-11 15:18:53
Metadata Update from @thalman:
The text was updated successfully, but these errors were encountered: