Skip to content

[rqd] Fix permission issues when becoming a user #1496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
DiegoTavares merged 4 commits into from
Sep 6, 2024
Merged

[rqd] Fix permission issues when becoming a user #1496

DiegoTavares merged 4 commits into from
Sep 6, 2024

Conversation

@DiegoTavares
Copy link
Collaborator

@DiegoTavares DiegoTavares commented Aug 28, 2024
edited by ramonfigueiredo
Loading

Changes implemented by #1416 impacted the locking mechanism for handling permissions on rqd, causing multiple threads to compete for permission settings and access to passwords.

Besides fixing the bug, this PR also introduces a fix for a potential security issue that would allow frames to run as root if the frame user didn't exist and the process to create this user fails.

@DiegoTavares
Fix permission issues when becoming an user
c16938f 
Changes implemented by AcademySoftwareFoundation#1416 impacted the locking mechanism for handling permissions on rqd, causing multiple threads to compete for permission settings and access to passwd.

Besides fixing the bug, this PR also introduces a fix for a potential security issue that would allow frames to run as root if the frame user didn't exist and the process to create this user fails.
@DiegoTavares
Fix lint issue
a887986
@DiegoTavares DiegoTavares changed the title Fix permission issues when becoming an user [rqd] Fix permission issues when becoming an user Aug 28, 2024
@DiegoTavares DiegoTavares marked this pull request as ready for review August 28, 2024 18:10
@ramonfigueiredo ramonfigueiredo changed the title [rqd] Fix permission issues when becoming an user [rqd] Fix permission issues when becoming a user Sep 6, 2024
ramonfigueiredo
ramonfigueiredo approved these changes Sep 6, 2024
View reviewed changes
Copy link
Collaborator

@ramonfigueiredo ramonfigueiredo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DiegoTavares

Approved

rqd/rqd/rqutil.py
cmd.append(username)
log.info("Frame's username not found on host. Adding user with: %s", cmd)
subprocess.check_call(cmd)
# Multiple processes can be trying to access passwd, permissionHigh and
Copy link
Collaborator

@ramonfigueiredo ramonfigueiredo Sep 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix comment:

passwd?

@DiegoTavares DiegoTavares merged commit 03960ea into AcademySoftwareFoundation:master Sep 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ramonfigueiredo ramonfigueiredo ramonfigueiredo approved these changes

@bcipriano bcipriano Awaiting requested review from bcipriano

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DiegoTavares @ramonfigueiredo