[MXS-5227] MaxScale does not drop supplementary groups if --user is used - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 21.06.16
Fix Version/s: 21.06.17, 22.08.14, 23.02.11, 23.08.7, 24.02.3, 24.08.1
Component/s: Core
Labels:
None

Description

rpmlint warns of the following:

missing-call-to-setgroups-before-setuid:

This executable is calling setuid and setgid without setgroups or initgroups.

This means it didn't relinquish all groups, and this would be a potential

security issue.

This means that if the user who starts MaxScale is a part of some supplementary group and the user given with --user is not, the lack of a initgroups() call means that the user ends up being able to act as if it was a part of this group.

Attachments

Activity

People

Assignee:: markus makela

Reporter:: markus makela

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2024-08-28 11:51

Updated:: 2024-08-29 05:19

Resolved:: 2024-08-29 05:19

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.