Posted to dev@mesos.apache.org by "Benjamin Mahler (JIRA)" <ji...@apache.org> on 2013/10/04 01:04:43 UTC
[jira] [Commented] (MESOS-719) missing-call-to-setgroups
[ https://issues.apache.org/jira/browse/MESOS-719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13785642#comment-13785642 ]
Benjamin Mahler commented on MESOS-719:
---------------------------------------
Is it referring to os::su?
{code}
inline bool su(const std::string& user)
{
  passwd* passwd;
  if ((passwd = ::getpwnam(user.c_str())) == NULL) {
    PLOG(ERROR) << "Failed to get user information for '"
                << user << "', getpwnam";
    return false;
  }
  if (::setgid(passwd->pw_gid) < 0) {
    PLOG(ERROR) << "Failed to set group id, setgid";
    return false;
  }
  if (::setuid(passwd->pw_uid) < 0) {
    PLOG(ERROR) << "Failed to set user id, setuid";
    return false;
  }
  return true;
}
{code}
Is this non-compliant? It looks like setgid and setuid are done in the correct order.
> missing-call-to-setgroups
> -------------------------
>
> Key: MESOS-719
> URL: https://issues.apache.org/jira/browse/MESOS-719
> Project: Mesos
> Issue Type: Bug
> Components: general
> Affects Versions: 0.15.0
> Reporter: Timothy St. Clair
> Labels: newbie
>
> This traces into stout/os.hpp
> In vetting the code as part of Fedora packaging, rpmlint outputs an error around priv-changing.
> mesos.x86_64: E: missing-call-to-setgroups /usr/lib64/libmesos-0.15.0.so.0.0.0
> https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
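Added example, not part of the original message and not Mesos code: a privilege drop that resets the supplementary group list before setgid and setuid, which is the call rpmlint's missing-call-to-setgroups check looks for. `PrivOps`, `real_ops`, `drop_to`, `su_with_groups` and `dry_run` are hypothetical names, and the syscalls are injected so the ordering and failure handling can be exercised without root.

```cpp
// Added example: not Mesos code. Syscalls are injected so the order can be
// checked without root; real_ops() binds the actual libc calls.
#include <functional>
#include <string>
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

struct PrivOps {  // hypothetical seam for testing
  std::function<int(const char*, gid_t)> initgroups;
  std::function<int(gid_t)> setgid;
  std::function<int(uid_t)> setuid;
};

inline PrivOps real_ops() {
  return {[](const char* u, gid_t g) { return ::initgroups(u, g); },
          [](gid_t g) { return ::setgid(g); },
          [](uid_t u) { return ::setuid(u); }};
}

// Supplementary groups first, then primary gid, then uid. Each step needs
// the privilege that the later steps give up.
inline bool drop_to(const std::string& user, gid_t gid, uid_t uid,
                    const PrivOps& ops) {
  if (ops.initgroups(user.c_str(), gid) < 0) return false;
  if (ops.setgid(gid) < 0) return false;
  if (ops.setuid(uid) < 0) return false;
  return true;
}

// Variant of the su() shape shown above, with the group list reset added.
inline bool su_with_groups(const std::string& user) {
  passwd* pw = ::getpwnam(user.c_str());
  return pw != nullptr && drop_to(user, pw->pw_gid, pw->pw_uid, real_ops());
}

// Dry run with recording fakes; `fail` names the call that fails ("" = none).
inline std::string dry_run(const std::string& fail) {
  std::string log;
  auto step = [&](const char* name) {
    log += std::string(log.empty() ? "" : ",") + name;
    return fail == name ? -1 : 0;
  };
  PrivOps fake{[&](const char*, gid_t) { return step("initgroups"); },
               [&](gid_t) { return step("setgid"); },
               [&](uid_t) { return step("setuid"); }};
  bool ok = drop_to("svc", 1000, 1000, fake);  // constructed user and ids
  return log + (ok ? ":ok" : ":fail");
}
```

Without the `initgroups` step the process keeps whatever supplementary groups its parent had, even after setgid and setuid succeed.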