Learn more about these different git repos.
Other Git URLs
A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD, System Security Services Daemon, performed copying and removal of (user) directory trees.A local attacker, with permissions to write into directory of the victim, being actively / currently copied / removed via the sssd daemon facility, could use this flaw to conduct symbolic link attacks, leading to their ability to alter / remove directories outside of originally intended, to be modified, directory tree.
This issue was found by Florian Weimer of Red Hat Product Security Team.
Fields changed
owner: somebody => jhrozek rhbz: => 884254 status: new => assigned
patch: 0 => 1
master
sssd-1-9:
resolution: => fixed status: assigned => closed
[http://windowsitpro.com/users/kidkraft-large-pastel-kitchen here] <img alt="Bob Foster.jpg" src="/SSSD/sssd/issue/raw/files/2aa007dbe04d009d408add003efce7b260f36f50f4cc7e7cf85e61a2ea796270-Bob_Foster.jpg" />
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.9.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2824
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.