On 10/13/2009 03:52 AM, Sumit Bose wrote:
> On Mon, Oct 12, 2009 at 10:28:05AM -0400, Simo Sorce wrote:
>> On Mon, 2009-10-12 at 15:46 +0200, Sumit Bose wrote:
>>> There is a problem with --debug-to-files. krb5_child runs as the user
>>> requesting the ticket so the path to krb5_child.log needs to have
>>> matching permissions. A possible solution would be to create the file
>>> with 666 permissions during the setup of the kerberos backend. Any other
>>> ideas?
>>
>> You *really* don't want to have log files 666 ever.
>> The easiest way would be to open the log file from the parent *without*
>> CLOSE_ON_EXEC, and pass the fd number to krb5_child on the command line,
>> and then have krb5_child use that fd to send debug messages.
>>
>> Simo.
>>
> ok, please find updated patch attached.
> bye,
> Sumit
prepare_child_argv():
Testing for argc < 2 for each of the potential options seems somewhat
nonsensical, since you're starting at two (program name and NULL),
adding one each for debug_level, debug_to_file and debug_timestamps and
then subtracting them when you copy them in. I don't see anywhere that
this check could ever fail to be true.
Also, you don't test whether the talloc_strdup() calls might return NULL
(in an out-of-memory situation).
The implementation looks fine otherwise.
--
Stephen Gallagher
RHCE 804006346421761
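The approach Simo suggests in the quoted reply, combined with the allocation checks asked for in the review, as an added example that is not part of the thread or of SSSD's code. The `--debug-fd` option, the log file name and all function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Parent: create the log owner-only (0600) and keep the fd open across exec. */
int open_debug_log(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
    int fl = (fd == -1) ? -1 : fcntl(fd, F_GETFD);
    if (fl != -1 && fcntl(fd, F_SETFD, fl & ~FD_CLOEXEC) != -1) return fd;
    if (fd != -1) close(fd);
    return -1;
}

/* Parent: build {prog, "--debug-fd=N", NULL}; each allocation is checked. */
char **build_child_argv(const char *prog, int fd) {
    char opt[32];
    char **av = calloc(3, sizeof(*av));
    if (av == NULL) return NULL;
    snprintf(opt, sizeof(opt), "--debug-fd=%d", fd);
    av[0] = strdup(prog);
    av[1] = strdup(opt);
    if (av[0] != NULL && av[1] != NULL) return av;
    free(av[0]); free(av[1]); free(av);
    return NULL;
}

/* Child: accept only a bounded number naming an open, writable descriptor. */
int parse_debug_fd(char *const av[]) {
    char *end;
    for (int i = 1; av[i] != NULL; i++) {
        if (strncmp(av[i], "--debug-fd=", 11) != 0) continue;
        long n = strtol(av[i] + 11, &end, 10);
        if (end == av[i] + 11 || *end != '\0' || n < 0 || n > 65535) return -1;
        int fl = fcntl((int)n, F_GETFL);
        return (fl != -1 && (fl & O_ACCMODE) != O_RDONLY) ? (int)n : -1;
    }
    return -1;
}

int main(int argc, char *argv[]) {   /* run as ./prog; it re-executes itself */
    int fd = (argc > 1) ? parse_debug_fd(argv) : open_debug_log("child_demo.log");
    if (argc > 1) return fd == -1 || dprintf(fd, "debug via fd %d\n", fd) < 0;
    char **av = (fd == -1) ? NULL : build_child_argv(argv[0], fd);
    return av == NULL || execv(av[0], av);   /* a real parent fork()s first */
}
```

The child never needs permission to open the log path itself: it only writes to the descriptor it inherited, so the file can stay 0600 and owned by the parent.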