There is a small window between running lstat() on a filename and
opening it where it's possible for the file to have been modified.
We were protecting against this by saving the stat data from the
original file and verifying that it was the same file (by device
and inode) when we opened it again, but this is an imperfect
solution, as it is still possible for an attacker to modify the
permissions during this window.

It is much better to simply open the file and test on the active
file descriptor.

Resolves https://fedorahosted.org/sssd/ticket/425 incidentally, as
without the initial lstat, we are implicitly accepting symlinks
and only verifying the target file.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
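The open-then-check pattern the message above describes, as an added example that is not SSSD's code and not part of the original mail. The helper name `open_checked`, its parameters and the temporary file are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not SSSD's API: open first, then check the object
 * the descriptor refers to. Returns an fd, or -1 with errno set. */
int open_checked(const char *path, uid_t uid, mode_t mode)
{
    struct stat st;
    int saved;
    /* O_NONBLOCK: a FIFO planted at path cannot make open() hang. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd == -1)
        return -1;
    /* fstat() reports on the inode behind fd. Swapping what the path
     * names after open() does not change which inode that is, and a
     * symlink has already been followed, so its target is checked. */
    if (fstat(fd, &st) == -1)
        goto fail;
    if (!S_ISREG(st.st_mode) || st.st_uid != uid ||
        (st.st_mode & 07777) != mode) {
        errno = EPERM;
        goto fail;
    }
    return fd;   /* caller reads through this same descriptor */
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

int main(void)
{
    char path[] = "/tmp/fdcheck-XXXXXX";   /* constructed sample file */
    int tmp = mkstemp(path);               /* created with mode 0600 */
    if (tmp == -1) return 1;
    int ok = open_checked(path, geteuid(), 0600);
    int bad = open_checked(path, geteuid(), 0644);
    printf("expect 0600: %s\n", ok >= 0 ? "accepted" : "rejected");
    printf("expect 0644: %s\n", bad >= 0 ? "accepted" : "rejected");
    if (ok >= 0) close(ok);
    close(tmp);
    return unlink(path) == 0 ? 0 : 1;
}
```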
The SSSD team is proud to announce the 1.1.1 bugfix release of the
System Security Services Daemon. As always, it can be found at
https://fedorahosted.org/sssd
== Highlights ==
* Fixed the IPA provider (which was segfaulting at start)
* Fixed a bug in the SSSDConfig API causing some options to revert to
  their defaults
  * This impacted the Authconfig UI
* Ensure that SASL binds to LDAP auto-retry when interrupted by a signal
== Detailed Changelog ==
Eugene Indenbom (1):
* Add krb5_kpasswd to IPA provider
Jakub Hrozek (3):
* Regression test against RHBZ #576856
* Fixes for path_utils
* Unit tests for path_utils
Piotr Drąg (1):
* Update PL translation for 1.1.1
Stephen Gallagher (6):
* Fix path_utils_ut segfault
* Allow arbitrary-length PAM messages
* Add regression test for https://fedorahosted.org/sssd/ticket/441
* Do not revert options to defaults in SSSDConfig.get_domain()
* Update translation files for 1.1.1 release
* Update version to 1.1.1
Sumit Bose (3):
* Fix kinit after password change
* Set LDAP_OPT_RESTART for ldap_sasl_interactive_bind_s()
* Fix LDAP search paths for IPA HBAC
--
Stephen Gallagher
RHCE 804006346421761