oss-sec mailing list archives
pacemaker strcmp
From: "Simon ." <bofh666ftw () googlemail com>
Date: Thu, 13 Dec 2012 17:37:44 +0100
Hi,

I might have overlooked something. Starting from Line 39, if pacemaker is compiled with ACL support:

https://github.com/ClusterLabs/pacemaker/blob/master/include/crm_internal.h#L39

Once a user root\0bar is created, and CRM_DAEMON_USER is #undef we can return TRUE. Haven't looked into further details here and I think no sane admin will ever allow such a user.

What do you guys think?

    /* For ACLs */
    char *uid2username(uid_t uid);
    void determine_request_user(char *user, xmlNode * request, const char *field);

    # if ENABLE_ACL
    # include <string.h>
    static inline gboolean
    is_privileged(const char *user)
    {
        if (user == NULL) {
            return FALSE;
        } else if (strcmp(user, CRM_DAEMON_USER) == 0) {   <------------- #undef ?
            return TRUE;
        } else if (strcmp(user, "root") == 0) {   <------------------- err
            return TRUE;
        }
        return FALSE;
    }
    # endif
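The strcmp() behaviour the message asks about, shown as an added example that is not part of the original post or of pacemaker's code: strcmp() stops at the first NUL byte, so a name received as a counted byte buffer has to be compared with its length. The `DAEMON_USER` value, the function names and the sample buffer are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed placeholder for the build-time CRM_DAEMON_USER constant. */
#define DAEMON_USER "hacluster"

/* Same logic as the quoted is_privileged(): sees only the C string,
 * i.e. the bytes up to the first NUL. */
static bool is_privileged_cstr(const char *user)
{
    if (user == NULL)
        return false;
    return strcmp(user, DAEMON_USER) == 0 || strcmp(user, "root") == 0;
}

/* Exact match on a counted buffer: same length and same bytes. */
static bool name_equals(const char *buf, size_t len, const char *want)
{
    return len == strlen(want) && memcmp(buf, want, len) == 0;
}

/* Length-aware variant for names that arrive with an explicit length
 * (hypothetical helper). Embedded NUL bytes are rejected outright. */
static bool is_privileged_buf(const char *buf, size_t len)
{
    if (buf == NULL || memchr(buf, '\0', len) != NULL)
        return false;
    return name_equals(buf, len, DAEMON_USER) ||
           name_equals(buf, len, "root");
}

/* Constructed sample: the 8 bytes "root\0bar" as a counted field. */
static const char sample[] = { 'r', 'o', 'o', 't', '\0', 'b', 'a', 'r' };

int main(void)
{
    printf("strcmp-based check:   %d\n", is_privileged_cstr(sample));
    printf("length-aware check:   %d\n",
           is_privileged_buf(sample, sizeof sample));
    printf("length-aware \"root\": %d\n", is_privileged_buf("root", 4));
    return 0;
}
```
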