[zope2-tracker] [Bug 769209] [NEW] setgid behavior change from CentOS 4 to CentOS 5

mwa 769209 at bugs.launchpad.net
Fri Apr 22 17:01:07 EDT 2011


Public bug reported:

We have an application running under zdaemon with the "user=" option.
The application reads files owned by another uid/gid. Under CentOS 4,
adding the application's userid to the other group (with the files group
readable) allowed the files to be read.

Under CentOS 5, the same application gets "permission denied" trying to
read the file. It appears the setgid/setuid sequence under CentOS file
drops accessibility to supplementary groups.

By forcing the os.setgid(self.options.gid) to the required gid, read
access to the file was regained.

It seems to me that the newer behavior is more secure. (I've tried
tracing exactly when/where/why this behavior changed but with no luck.)
I think an appropriate fix would be to add a "group =" option to zdaemon
and setgid to that group if it is specified instead of the default gid
of the "user =" option.

** Affects: zdaemon
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Zope 2
Developers, which is the registrant for zdaemon.
https://bugs.launchpad.net/bugs/769209
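
An added example, not part of the original report and not zdaemon's code: setgid() and setuid() leave the supplementary group list untouched, so a daemon that drops root has to set that list itself, before the uid changes. The sketch below models the proposed "group =" override; `plan_drop`, `drop_privileges` and the sample accounts are hypothetical names and constructed data.

```python
import os
from collections import namedtuple

# Constructed account data standing in for /etc/passwd and /etc/group.
Passwd = namedtuple("Passwd", "name uid gid")
Group = namedtuple("Group", "name gid members")

SAMPLE_USERS = [Passwd("appuser", 1001, 1001)]
SAMPLE_GROUPS = [
    Group("appuser", 1001, []),
    Group("datafiles", 2000, ["appuser"]),
    Group("wheel", 10, ["root"]),
]

def plan_drop(user, group=None, users=SAMPLE_USERS, groups=SAMPLE_GROUPS):
    """Return (uid, gid, supplementary_gids) for the identity to switch to.

    `group` is the hypothetical "group =" override; without it the
    primary gid comes from the user's passwd entry.
    """
    pw = next((u for u in users if u.name == user), None)
    if pw is None:
        raise KeyError("unknown user: %s" % user)
    gid = pw.gid
    if group is not None:
        gr = next((g for g in groups if g.name == group), None)
        if gr is None:
            raise KeyError("unknown group: %s" % group)
        gid = gr.gid
    # Same rule as initgroups(user, gid): every group that lists the user
    # as a member, plus the chosen primary gid.
    supp = sorted({g.gid for g in groups if user in g.members} | {gid})
    return pw.uid, gid, supp

def drop_privileges(uid, gid, supp):
    """Apply the plan. Must run as root; the order matters."""
    os.setgroups(supp)   # 1. replace the inherited supplementary groups
    os.setgid(gid)       # 2. primary group, while still privileged
    os.setuid(uid)       # 3. uid last: after this the calls above would fail
    # Verify the result instead of assuming the calls took effect.
    if os.getuid() != uid or os.getgid() != gid:
        raise RuntimeError("privilege drop did not take effect")
    if set(os.getgroups()) != set(supp):
        raise RuntimeError("unexpected supplementary groups")
```

In a real daemon the lookup would go through the `pwd` and `grp` modules (or `os.initgroups`) rather than the constructed tables used here.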
