Bug 43410 - fix setuid in keytab listener
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Kerberos
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal (vote)
Target Milestone: UCS 4.2
Assigned To: Philipp Hahn
QA Contact: Arvid Requate
: interim-2
Depends on:
Blocks:
Reported: 2017-01-24 16:07 CET by Felix Botner
Modified: 2017-04-04 18:29 CEST (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.023
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Description Felix Botner univentionstaff 2017-01-24 16:07:14 CET
/usr/lib/univention-directory-listener/system/keytab.py calls listener.setuid(0) in the global scope. This is potentially harmful as the listener currently does not drop privileges after the import (see Bug #43409).

Also there are listener.setuid(0) / listener.unsetuid() calls in the handler function without try: finally:
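The two patterns the description flags can be caught mechanically. The following is an added check, not code from the bug report or from univention-directory-listener: an ast-based audit of a listener module that reports listener.setuid(0) executed at module scope (privileges held after import) and listener.setuid(0) inside a handler that is not paired with a try/finally calling listener.unsetuid(). It assumes the module addresses the listener API as `listener.setuid` / `listener.unsetuid`; the two sample module sources are constructed to mirror the description and are only parsed, never imported or executed.

```python
"""Audit a listener module for the two privilege-handling mistakes named in
the report: listener.setuid(0) at module scope (privileges stay elevated after
import) and listener.setuid(0) in a handler with no try/finally to guarantee
listener.unsetuid().  Added example; not code from the UCS project.  The
sample module sources below are constructed and are only parsed."""
import ast

SCOPES = (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef, ast.Lambda)


def is_listener_call(node, name):
    """True if `node` is a call of the form listener.<name>(...)."""
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and isinstance(node.func.value, ast.Name)
            and node.func.value.id == "listener"
            and node.func.attr == name)


def calls_in(stmts, name):
    """True if any statement in `stmts` contains listener.<name>(...)."""
    return any(is_listener_call(n, name) for s in stmts for n in ast.walk(s))


def module_scope(tree):
    """Yield every node that executes at import time (outside def/class/lambda)."""
    stack = list(ast.iter_child_nodes(tree))
    while stack:
        node = stack.pop()
        if isinstance(node, SCOPES):
            continue
        yield node
        stack.extend(ast.iter_child_nodes(node))


def stmt_lists(node):
    """Yield (owner, field, statements) for each statement list under `node`,
    recursing into if/for/while/with/try blocks but not into nested defs."""
    for field in ("body", "orelse", "finalbody"):
        seq = getattr(node, field, None)
        if isinstance(seq, list) and seq and isinstance(seq[0], ast.stmt):
            yield node, field, seq
            for child in seq:
                if not isinstance(child, SCOPES):
                    yield from stmt_lists(child)
    for handler in getattr(node, "handlers", []):
        yield from stmt_lists(handler)


def unsetuid_guaranteed(owner, field, stmts, i):
    """setuid at stmts[i] is safe if the next statement is a try whose finally
    calls unsetuid, or if it sits directly inside such a try's body."""
    nxt = stmts[i + 1] if i + 1 < len(stmts) else None
    if isinstance(nxt, ast.Try) and calls_in(nxt.finalbody, "unsetuid"):
        return True
    return (isinstance(owner, ast.Try) and field == "body"
            and calls_in(owner.finalbody, "unsetuid"))


def check_module(source):
    """Return [(lineno, message), ...] for each privilege-handling problem."""
    tree = ast.parse(source)
    findings = []
    for node in module_scope(tree):
        if is_listener_call(node, "setuid"):
            findings.append((node.lineno, "listener.setuid() at module scope: "
                                          "privileges stay elevated after import"))
    for fn in ast.walk(tree):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for owner, field, stmts in stmt_lists(fn):
            for i, stmt in enumerate(stmts):
                if (isinstance(stmt, ast.Expr)
                        and is_listener_call(stmt.value, "setuid")
                        and not unsetuid_guaranteed(owner, field, stmts, i)):
                    findings.append((stmt.lineno, f"listener.setuid() in {fn.name}() "
                                     "without try/finally calling listener.unsetuid()"))
    return sorted(findings)


# Constructed sample in the shape the report describes (before the fix).
BEFORE = """\
import listener

name = "keytab"
listener.setuid(0)           # runs at import; nothing ever calls unsetuid()

def handler(dn, new, old):
    listener.setuid(0)       # if write_keytab() raises, euid stays 0
    write_keytab(dn, new)
    listener.unsetuid()
"""

# Constructed sample showing the two accepted idioms.
AFTER = """\
import listener

name = "keytab"

def handler(dn, new, old):
    listener.setuid(0)
    try:
        write_keytab(dn, new)
    finally:
        listener.unsetuid()

def postrun():
    try:
        listener.setuid(0)
        cleanup()
    finally:
        listener.unsetuid()
"""

if __name__ == "__main__":
    for label, src in (("before", BEFORE), ("after", AFTER)):
        print(label, check_module(src) or "clean")
```

The check is deliberately syntactic: it only accepts a setuid that is immediately followed by, or sits directly in the body of, a try whose finally block calls unsetuid, so a privileged section whose cleanup depends on control flow will be reported rather than silently accepted.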
Comment 1 Philipp Hahn univentionstaff 2017-02-03 14:57:05 CET
r76382 | Bug #43410 heimdal: Fix credential leak

Package: univention-heimdal
Version: 10.0.0-2A~4.2.0.201702031419
Version: 10.0.0-3A~4.2.0.201702031452
Branch: ucs_4.2-0
Comment 2 Arvid Requate univentionstaff 2017-02-06 12:51:05 CET
Ok.
Comment 3 Stefan Gohmann univentionstaff 2017-04-04 18:29:11 CEST
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".