pdcp, pdsh, rpdcp calling setuid and setgid without setgroups or initgroups #101

Closed
spstarr opened this issue Jun 28, 2017 · 3 comments

spstarr commented Jun 28, 2017

Is this intentional or should this be fixed up?

Thanks,
Shawn

grondo (Member) commented Jun 28, 2017

pdsh should only be calling setuid/setgid to drop privileges when it is installed setuid root (hopefully packages aren't installed this way by default, it is only necessary for use of the rsh protocol and rresvport). I don't think setgroups or initgroups is warranted in this scenario, but I could be wrong.

Actually the drop of setuid privileges should be audited if it is kept at all.

spstarr (Author) commented Jun 28, 2017

In our packaging none of the binaries are setuid root installed.

grondo (Member) commented Jun 28, 2017

Ok, then these functions aren't used. However, I did open an issue #102 to ensure use of the functions is audited. I'll close this issue though.

@grondo grondo closed this as completed Jun 28, 2017
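
An added example, not part of the thread and not pdsh's code: a permanent privilege drop that covers the two cases the discussion turns on, then verifies the result. The function name `drop_privileges` and its `user` parameter are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE 1   /* for initgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently switch to uid/gid. Returns 0 on success, -1 on any failure.
 * user != NULL: a root-started process becoming a different account; its
 *               supplementary groups are still root's, so reset them.
 * user == NULL: a setuid-root binary returning to its invoker; exec() left
 *               the invoker's supplementary groups in place.
 */
int drop_privileges(uid_t uid, gid_t gid, const char *user)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Order matters: groups and gid need the privilege that setuid() gives up. */
    if (user != NULL && initgroups(user, gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify: the ids are what we asked for... */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* ...and the old effective ids cannot be restored from the saved ids. */
    if (old_egid != gid && setegid(old_egid) == 0)
        return -1;
    if (old_euid != uid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* The setuid-binary case from the thread: return to the invoking user. */
    if (drop_privileges(getuid(), getgid(), NULL) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Every return value is checked because a failed `setuid()` or `setgid()` that goes unnoticed leaves the process running with the privileges it meant to give up.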