aboutgitcodebugslistschat
path: root/contrib/apparmor/usr.bin.pasta
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2024-05-22 20:18:19 +0200
committerStefano Brivio <sbrivio@redhat.com>2024-05-23 16:43:26 +0200
commitc9b24134656925e53fea3cde0b33ab143dcd84af (patch)
tree4f07d74f760664e7a11ad5bd8ba4dac14b398089 /contrib/apparmor/usr.bin.pasta
parentba23b05545e1e316235fad7a66f3cfd643c22146 (diff)
downloadpasst-c9b24134656925e53fea3cde0b33ab143dcd84af.tar
passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.gz
passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.bz2
passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.lz
passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.xz
passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.zst
passt-c9b24134656925e53fea3cde0b33ab143dcd84af.zip
conf, passt, tap: Open socket and PID files before switching UID/GID
Otherwise, if the user runs us as root, and gives us paths that are only accessible by root, we'll fail to open them, which might in turn encourage users to change permissions or ownerships: definitely a bad idea in terms of security. Reported-by: Minxi Hou <mhou@redhat.com> Reported-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Acked-by: Richard W.M. Jones <rjones@redhat.com>
Diffstat (limited to 'contrib/apparmor/usr.bin.pasta')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-18 14:25:32 +0000