hpc / mpifileutils

File utilities designed for scalability and performance.
https://hpc.github.io/mpifileutils
BSD 3-Clause "New" or "Revised" License

POS36-C. Observe correct revocation order while relinquishing privileges #567

Closed brianjmurrell closed 7 months ago

brianjmurrell commented 10 months ago

While running a linter (rpmlint) on the results of a build we are getting an error that refers to POS36-C. Observe correct revocation order while relinquishing privileges for dcp.

Is that actually a problem or is it a false-positive of some sort?

daltonbohning commented 10 months ago

Technically, the uid could be set but not the gid, which might be the complaint here? https://github.com/hpc/mpifileutils/blob/a80a6da975c4e24cfb0251c86b01000b6630853d/src/dcp/dcp.c#L398-L418

@adammoody Is it a valid case for someone to run dcp --uid without --gid?

brianjmurrell commented 10 months ago

I should have noted that the particular issue that rpmlint was complaining about was not calling setgroups() before calling setuid(), to relinquish any elevated group privileges that are not wanted/necessary after the setuid().

brianjmurrell commented 9 months ago

Any update here?

daltonbohning commented 8 months ago

@brianjmurrell I'll run a sample through our linter to see if I can fix this.

daltonbohning commented 8 months ago

I ran #569 through our linter and it does resolve the warnings.
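
The revocation order discussed in this thread (supplementary groups, then GID, then UID), as an added example that is not part of the original issue and is not mpifileutils code. The function name `drop_privileges`, its step-number return codes and the target ID 65534 are assumptions made for illustration; it targets Linux with glibc.

```c
/* Added example: permanent privilege drop in the order POS36-C requires. */
#define _DEFAULT_SOURCE 1   /* exposes setgroups() in <grp.h> on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 on success, or the number (1-4) of the
 * step that failed. setgroups() and setgid() need privilege that setuid()
 * gives up, so the UID is changed last. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* 1. Replace the supplementary group list inherited from the caller. */
    if (setgroups(1, &gid) != 0)
        return 1;
    /* 2. Change the GID while the process is still privileged. */
    if (setgid(gid) != 0)
        return 2;
    /* 3. Change the UID; for a root caller this also sets the saved UID. */
    if (setuid(uid) != 0)
        return 3;
    /* 4. Verify: IDs match the target and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return 4;
    if (uid != 0 && setuid(0) == 0)
        return 4;
    return 0;
}

int main(void)
{
    /* 65534 is the conventional "nobody" ID on Linux; constructed target. */
    int step = drop_privileges(65534, 65534);
    if (step != 0) {
        fprintf(stderr, "privilege drop failed at step %d\n", step);
        return 1;
    }
    printf("now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Run as an unprivileged user, the helper stops at step 1 because `setgroups()` requires `CAP_SETGID`. Calling `setuid()` first would make steps 1 and 2 fail in the same way, which is what leaves unwanted group privileges in place.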