Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option -t loads files after detaching from TTY and chroot() #20

Closed
droe opened this issue Jan 29, 2014 · 0 comments
Closed

Option -t loads files after detaching from TTY and chroot() #20

droe opened this issue Jan 29, 2014 · 0 comments
Assignees
@droe
Labels
bug released
Milestone
0.4.9

Comments

@droe
Copy link
Owner

droe commented Jan 29, 2014

Using -t fails under many circumstances, such as with encrypted keys in daemon mode, when chroot() is used, or when the user we drop privs to lacks the permissions to read the file.

-t should be rewritten to load the certificates into a list of cert_t before detaching from TTY; that list would need to be added to the certificate cache after detaching.
@ghost ghost assigned droe Jan 29, 2014
@droe droe mentioned this issue Jan 30, 2014
Closed
droe added a commit that referenced this issue Jan 30, 2014
@droe
Load -t certificates before dropping privileges
db0fa32 
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
@droe droe closed this as completed Jan 30, 2014
@droe droe added the released label Apr 23, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@droe droe

Labels
bug released
Projects
None yet
Milestone
0.4.9
Development

No branches or pull requests
1 participant
@droe