Project

General

Profile

Actions

Bug #9026

closed

Bug #7060: cfengine stops processing a promise on symlinks

cfengine stops processing a promise on symlinks

Added by Benoît PECCATTE over 7 years ago. Updated over 7 years ago.

Status:
Released
Priority:
N/A
Category:
System integration
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

When a symbolic link isn't owned by the same user as its tagrget, cfengine stops processing file promises.
This can stop an attack on code where there is a race condition, but in practice, ther should not be race conditions and there is a lot of legitimate systems with links that don't have the same owner as their target.
We should disable this behavior

Actions #1

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from New to In progress
  • Assignee set to Benoît PECCATTE
Actions #2

Updated by Benoît PECCATTE over 7 years ago

  • Target version changed from 3.2.7 to 4.0.0~rc2
Actions #3

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Benoît PECCATTE to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1051
Actions #4

Updated by Benoît PECCATTE over 7 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #5

Updated by Benoît PECCATTE over 7 years ago

  • Target version changed from 4.0.0~rc2 to 318
Actions #6

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 318 to 4.0.0~rc2
Actions #7

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.0.0~rc2 to 4.0.0~rc1
Actions #8

Updated by Alexis Mousset over 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.0.0 which was released the 10th November 2016.

Actions

Also available in: Atom PDF