oss-sec mailing list archives

pacemaker strcmp


From: "Simon ." <bofh666ftw () googlemail com>
Date: Thu, 13 Dec 2012 17:37:44 +0100

Hi,

I might have overlooked something. Starting from Line 39, if pacemaker
is compiled with ACL support:

https://github.com/ClusterLabs/pacemaker/blob/master/include/crm_internal.h#L39

Once a user root\0bar is created, and CRM_DAEMON_USER is #undef we can
return TRUE. Haven't looked into further details here and I think no
sane admin will ever allow such a user. What do you guys think?



/* For ACLs */
char *uid2username(uid_t uid);
void determine_request_user(char *user, xmlNode * request, const char *field);

# if ENABLE_ACL
# include <string.h>
static inline gboolean
is_privileged(const char *user)
{
    if (user == NULL) {
        return FALSE;
    } else if (strcmp(user, CRM_DAEMON_USER) == 0) { /* <--- #undef ? */
        return TRUE;
    } else if (strcmp(user, "root") == 0) { /* <--- err */
        return TRUE;
    }
    return FALSE;
}
# endif
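
The comparison behaviour the post asks about, as an added example that is not part of the original message or of pacemaker's code: a strcmp()-based check stops at the first NUL byte, while a length-aware check compares the whole field. It assumes the name reaches the check as a buffer with an explicit length; SAMPLE_DAEMON_USER, SAMPLE_NAME, name_equals and is_privileged_len are hypothetical names introduced here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for CRM_DAEMON_USER; the real value is set at build time. */
#define SAMPLE_DAEMON_USER "sampledaemon"

/* Constructed input: the 8 bytes "root\0bar" as a length-delimited field. */
static const char SAMPLE_NAME[8] = { 'r', 'o', 'o', 't', '\0', 'b', 'a', 'r' };

/* Same shape as the quoted check: strcmp() stops at the first NUL byte. */
static bool is_privileged_cstr(const char *user)
{
    if (user == NULL) {
        return false;
    }
    return strcmp(user, SAMPLE_DAEMON_USER) == 0 || strcmp(user, "root") == 0;
}

/* Exact match of a length-delimited name against a C string constant. */
static bool name_equals(const char *buf, size_t len, const char *expected)
{
    return len == strlen(expected) && memcmp(buf, expected, len) == 0;
}

/* Length-aware variant (hypothetical): a field with an embedded NUL is
 * rejected outright, then the full length is compared. */
static bool is_privileged_len(const char *buf, size_t len)
{
    if (buf == NULL || len == 0 || memchr(buf, '\0', len) != NULL) {
        return false;
    }
    return name_equals(buf, len, SAMPLE_DAEMON_USER) || name_equals(buf, len, "root");
}

int main(void)
{
    printf("strcmp-based check: %d\n", is_privileged_cstr(SAMPLE_NAME));
    printf("length-aware check: %d\n",
           is_privileged_len(SAMPLE_NAME, sizeof SAMPLE_NAME));
    return 0;
}
```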

