| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
There is a small window between running lstat() on a filename and
opening it where it's possible for the file to have been modified.
We were protecting against this by saving the stat data from the
original file and verifying that it was the same file (by device
and inode) when we opened it again, but this is an imperfect
solution, as it is still possible for an attacker to modify the
permissions during this window.
It is much better to simply open the file and test on the active
file descriptor.
Resolves https://fedorahosted.org/sssd/ticket/425 incidentally, as
without the initial lstat, we are implicitly accepting symlinks
and only verifying the target file.
|
|
|
|
|
|
tests/common.c is now required by all tests (check-based and not),
so we need to properly ifdef it
|
|
As with krb5_ccname_template sequences like %u can be used in the
krb5_ccachedir parameter which are expanded at runtime. If the directory
does not exist, it will be created. Depending on the used sequences it
is created as a public or private directory.
|
|
|
|
One of our resolv tests tries to resolve a nonexistent hostname. Do not
run this test unless we are explicitly told that a network connection
is available (-n). Also do not automatically resolving localhost.
|
|
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so
I decided to fix them. I also made a quick grep through the code and
found other places so I fixed them too.
|
|
All 'make check' tests will chdir() into this directory before
running the suite. This provides the option of having temporary
files generated in a tmpfs or ramdisk
|
|
|
|
Adds a new option that tells resolver which address family to prefer or
use exclusively.
Fixes: #404
|
|
|
|
|
|
Also update BUILD.txt
|
