HomePhorge
Diffusion puppet d00c5cc45e3c

(#12457) add users primary group, not Process.gid, in initgroups
d00c5cc45e3cUnpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

(#12457) add users primary group, not Process.gid, in initgroups

The Process.gid (real gid) was always included when initialising supplementary
groups in the initgroups method (called when changing the euid via the
change_user method). This has been replaced by the primary gid of the user.

This led to a privilege leak, as well as a potential surprise when it came to
file ownership, in both the agent and the master.

Fix and analysis by Dominic Cleal <dcleal@redhat.com>

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>

Details

Provenance
Daniel Pittman <daniel@puppetlabs.com>Authored on
Nick Lewis <nick@puppetlabs.com>Committed on Feb 9 2012, 12:48 AM
vanmeeuwenPushed on Jun 2 2015, 2:22 PM
Parents
rPU311848a4c74b: Merge pull request #395 from joshcooper/ticket/2.6.x/6541-use-the-same…
Branches
Unknown
Tags
Unknown

Event Timeline

Nick Lewis <nick@puppetlabs.com> committed rPUd00c5cc45e3c: (#12457) add users primary group, not Process.gid, in initgroups (authored by Daniel Pittman <daniel@puppetlabs.com>).Feb 9 2012, 12:48 AM

Changes (2)

PathSize
lib/
puppet/
util/
spec/
unit/
util/

rPUd00c5cc45e3c

View Options

lib/puppet/util/suidmanager.rb

Loading...
View Options

spec/unit/util/suidmanager_spec.rb

Loading...