3ceb68 Fix: fencer: restrict certain IPC requests to privileged users

1 file Authored by kgaillot 4 years ago, Committed by Packit Service 4 years ago,
    Fix: fencer: restrict certain IPC requests to privileged users
    
    The fencer IPC API allows clients to register fence devices.
    
    If ACLs are enabled, this could allow an ACL-restricted user to bypass ACLs to
    configure fencing. If the user is able to install executables to the standard
    fencing agent locations, have arbitrary code executed as root (the standard
    locations generally require root for write access, so that is unlikely to be an
    issue).
    
    If ACLs are not enabled, users in the haclient group have full access to the
    CIB, which already gives them these capabilities, so there is no additional
    exposure in that case.
    
    This commit does not restrict unprivileged users from using other fencing API,
    such as requesting actual fencing.
    
    patch_name: 016-CVE-2020-25654.patch
    present_in_specfile: true
    location_in_specfile: 16
    squash_commits: true