diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2024-05-22 20:18:19 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-05-23 16:43:26 +0200 |
commit | c9b24134656925e53fea3cde0b33ab143dcd84af (patch) | |
tree | 4f07d74f760664e7a11ad5bd8ba4dac14b398089 /contrib/apparmor | |
parent | ba23b05545e1e316235fad7a66f3cfd643c22146 (diff) | |
download | passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.gz passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.bz2 passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.lz passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.xz passt-c9b24134656925e53fea3cde0b33ab143dcd84af.tar.zst passt-c9b24134656925e53fea3cde0b33ab143dcd84af.zip |
conf, passt, tap: Open socket and PID files before switching UID/GID
Otherwise, if the user runs us as root, and gives us paths that are
only accessible by root, we'll fail to open them, which might in turn
encourage users to change permissions or ownerships: definitely a bad
idea in terms of security.
Reported-by: Minxi Hou <mhou@redhat.com>
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
Diffstat (limited to 'contrib/apparmor')
0 files changed, 0 insertions, 0 deletions