Univention Bugzilla – Full Text Bug Listing

| Summary: | Missing: 3×drop_privileges(), stays in prepared=1 | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Philipp Hahn <hahn> |
| Component: | Listener (univention-directory-listener) | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
| Severity: | normal | | |
| Priority: | P5 | CC: | best, gohmann |
| Version: | UCS 3.2 | | |
| Target Milestone: | UCS 4.1-2-errata | | |
| Hardware: | All | | |
| OS: | Linux | | |
Description
Philipp Hahn
2014-03-12 14:19:13 CET
r69832 | Bug #34324 repl: Stop using setuid()

Package: univention-directory-replication
Version: 9.0.1-3.104.201606061133
Branch: ucs_4.1-0
Scope: errata4.1-2

Package: ucs-test
Version: 6.0.33-68.1484.201606061134
Branch: ucs_4.1-0
Scope: errata4.1-2

r69894 | Bug #34324 UDL: Drop privileges after calling handler functions

Package: univention-directory-listener
Version: 10.0.0-11.315.201606071717
Branch: ucs_4.1-0
Scope: errata4.1-2

r69910 | Bug #22383,Bug #30227,Bug #30263,Bug #34324,Bug #34507,Bug #34738,Bug #3490,Bug #38696,Bug #39509,Bug #40600,Bug #41261: UDL YAML
univention-directory-listener.yaml

The adjustments you made to UDL look good. Suggestions for improvement:

drop_privileges is not called in handler_set_data in case PyObject_CallObject returned NULL, i.e. hunk 4 from the patch above is not applied.

Coding style: Maybe adjust handler_clean and handler_initialize like you did for handler_postrun?

Personally I don't like that univention-directory-replication has been modified too. Also, the changes are good, but they should be at least mentioned and not be made silently:

* ownership change for the STATE_DIR /var/lib/univention-directory-replication
  before: root.root, now: listener.root

* The failed.ldif and the modrdn cache files are now owned by "listener" instead of "root"

* LDAP connection to the local LDAP server is now made as user "listener" instead of "root", which should be ok, both read the same ldap.conf

Advisory entry: Ok for UDL, missing for UDR

(In reply to Arvid Requate from comment #3)
> The adjustments you made to UDL look good. Suggestions for improvement:
>
> drop_privileges is not called in handler_set_data in case
> PyObject_CallObject returned NULL, i.e. hunk 4 from the patch above is not
> applied.
>
> Coding style: Maybe adjust handler_clean and handler_initialize like you did
> for handler_postrun?

Thanks:

r71069 | Bug #34324 UDL: Drop privileges after calling handler functions

Package: univention-directory-listener
Version: 10.0.0-14.325.201607181745
Branch: ucs_4.1-0
Scope: errata4.1-2

r71075 | Bug #40600,Bug #41261,Bug #34324,Bug #3490 UDL: YAML
univention-directory-listener.yaml

> Personally I don't like that univention-directory-replication has been
> modified too. Also, the changes are good, but they should be at least
> mentioned and not be made silently:
>
> * ownership change for the STATE_DIR
> /var/lib/univention-directory-replication
> before: root.root, now: listener.root
>
> * The failed.ldif and the modrdn cache files are now owned by "listener"
> instead of "root"
>
> * LDAP connection to the local LDAP server is now made as user "listener"
> instead of "root", which should be ok, both read the same ldap.conf

Documented.

r71076 | Bug #31757,Bug #33594 repl: YAML
univention-directory-replication.yaml

Code review: Ok
Advisory: Ok (Typo fixed)
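
The review point in this thread, that drop_privileges must also run when the handler call returns NULL, shown as an added C example; it is not part of the bug report and is not code from univention-directory-listener. Apart from drop_privileges(), every name is hypothetical, a plain C callback stands in for PyObject_CallObject, and uid 65534 is a constructed value.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* All names except drop_privileges() are hypothetical, for illustration only. */
static uid_t priv_uid, unpriv_uid;
static int elevated;                 /* mirrors the last successful seteuid() */

/* Stand-in for a Python handler call: NULL means failure, as with PyObject_CallObject(). */
typedef void *(*handler_fn)(void *arg);

void priv_init(uid_t unpriv) {
    priv_uid = unpriv_uid = geteuid();
    /* Switch uids for real only where the kernel allows it; otherwise both stay equal. */
    if (priv_uid == 0 && seteuid(unpriv) == 0 && seteuid(0) == 0)
        unpriv_uid = unpriv;
    elevated = 1;
}
int raise_privileges(void) { if (seteuid(priv_uid)) return -1; elevated = 1; return 0; }
int drop_privileges(void)  { if (seteuid(unpriv_uid)) return -1; elevated = 0; return 0; }
int is_elevated(void) { return elevated; }

/* Leaky shape: the early return on a NULL result skips drop_privileges(). */
int call_handler_leaky(handler_fn fn, void *arg) {
    if (raise_privileges() != 0) return -1;
    if (fn(arg) == NULL) return -1;          /* process stays privileged */
    return drop_privileges();
}

/* Fixed shape: drop_privileges() runs whatever the handler returned. */
int call_handler(handler_fn fn, void *arg) {
    int rv = 0;
    if (raise_privileges() != 0) return -1;
    if (fn(arg) == NULL) rv = -1;
    if (drop_privileges() != 0) rv = -1;     /* a daemon should treat this as fatal */
    return rv;
}

void *ok_handler(void *arg) { return arg; }
void *failing_handler(void *arg) { (void)arg; return NULL; }

int main(void) {
    int data = 1;
    priv_init(65534);                        /* constructed uid, assumed unprivileged */
    if (drop_privileges() != 0) return 1;
    call_handler_leaky(failing_handler, &data);
    printf("leaky, handler failed: elevated=%d\n", is_elevated());
    call_handler(failing_handler, &data);
    printf("fixed, handler failed: elevated=%d\n", is_elevated());
    return 0;
}
```

Run as root, the process really switches effective uid; run unprivileged, the seteuid() calls are no-ops and only the tracked state shows the leak.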