source-git / pacemaker

Clone
Source Code
GIT

feb57c High: executor: restrict certain IPC requests to Pacemaker daemons

1 file Authored by kgaillot 4 years ago, Committed by Packit Service 4 years ago,
raw patch tree parent
1 file changed. 73 lines added. 18 lines removed.
daemons/execd/execd_commands.c
file modified
+73 -18 
    High: executor: restrict certain IPC requests to Pacemaker daemons
    
    The executor IPC API allows clients to register resources, request agent
    execution, and so forth.
    
    If ACLs are enabled, this could allow an ACL-restricted user to bypass ACLs and
    execute any code as root. (If ACLs are not enabled, users in the haclient group
    have full access to the CIB, which already gives them that ability, so there is
    no additional exposure in that case.)
    
    When ACLs are supported, this commit effectively disables the executor IPC API
    for clients that aren't connecting as root or hacluster. Such clients can only
    register and poke now.
file modified
+73 -18

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation