diff options
author | Simo Sorce <simo@redhat.com> | 2013-04-04 11:32:51 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-04-05 17:13:06 +0200 |
commit | bdf63b2c329f12b4cdfcc04122f4547aad6bfa35 (patch) | |
tree | 0ecc6a5ad95347c04fb118cff4cc64ab019b8e68 /src/confdb | |
parent | e9c41ad5c89fc7e6c34434c4153753f0b11650ed (diff) | |
download | sssd-bdf63b2c329f12b4cdfcc04122f4547aad6bfa35.tar.gz sssd-bdf63b2c329f12b4cdfcc04122f4547aad6bfa35.tar.bz2 sssd-bdf63b2c329f12b4cdfcc04122f4547aad6bfa35.zip |
Further restrict become_user drop of privileges.
We never need to regain root after we call become_user() so tighten up even
further our privilege drop.
Add a setgroups() call to remove all secondary groups root may have been given
for whateve reason. Then use the setres[ug]id function to also drop the saved
uid/gid so the process cannot regain back root id.
Capabilities are also implicitly dropped here, no more CAP_SETUID so this is a
Point of No Return, once changed to non-root the process can't get back.
Remove redefinition of sys/types.h and unistd.h, they are already defined in
util.h and they need to be included after _GNU_SOURCE/_BSD_SOURCE is defined
or the prototypes for setres[ug]id will not be found.
Add grp.h after util.h for the same reason.
Diffstat (limited to 'src/confdb')
0 files changed, 0 insertions, 0 deletions