https://bugzilla.redhat.com/show_bug.cgi?id=1394962

--- Comment #11 from Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> ---

(In reply to Nathaniel McCallum from comment #10)
> The clevis-decrypt binary is not executed as root. We drop privileges much
> earlier than that. See:
> https://github.com/latchset/clevis/blob/master/clevis-luks-udisks2.c#L384
>
> However, your concern is still valid because we pass information obtained as
> root to that process. So it still represents a security concern. I'd love to
> chat with you on IRC to discuss some of my concerns with my own code if you
> have time.

Yeah, I think it's a concern, also because the program uses the information
received *from* the other binary. Please ping me on IRC when you're around.
I saw your ping yesterday after I returned home, but you were already gone...

> Yeah, I agree. The main reason I haven't done this is because it makes
> in-tree unit testing (after build, before install) more difficult.
> Suggestions welcome.

I'd add a C define with the full path (using AC_DEFINE or similar), and allow
overriding it using a shell variable in a non-suid process.

    /* HELPER_PATH comes from the build system (AC_DEFINE); the environment
       override is only honoured when the process is not privileged. */
    static const char *helper_path(void)
    {
        const char *p = secure_getenv("CLEVIS_HELPER_PATH");
        if (p)
            return p;
        else
            return HELPER_PATH;
    }

--
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
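The suggestion in the reply above, carried through as a complete, added example (this is not clevis code and not from the thread). It shows why secure_getenv() rather than getenv() is the right primitive for an override that must be usable for in-tree tests but ignored in a suid or file-capability process: glibc's secure_getenv() returns NULL whenever the kernel set AT_SECURE for the process, and trusted_getenv() below spells that check out with getauxval() so the mechanism is visible. Assumptions: the default HELPER_PATH value is a placeholder standing in for whatever AC_DEFINE would supply, and the requirement that an override be an absolute path is an added hardening check, not something the thread asks for.

```c
#define _GNU_SOURCE           /* secure_getenv() is a GNU extension */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>         /* getauxval(), AT_SECURE */

/* Declared explicitly in case <stdlib.h> was already included without
 * _GNU_SOURCE in effect; glibc exports the symbol either way. */
extern char *secure_getenv(const char *name);

/* In a real build this comes from AC_DEFINE. The value here is an assumed
 * placeholder, not clevis's actual install location. */
#ifndef HELPER_PATH
#define HELPER_PATH "/usr/libexec/clevis/clevis-decrypt"
#endif

/* Variable a developer sets to point at the freshly built, uninstalled helper. */
#define HELPER_ENV "CLEVIS_HELPER_PATH"

/* Portable spelling of what secure_getenv() does. The kernel sets AT_SECURE in
 * the auxiliary vector when the program gained privilege through setuid, setgid
 * or file capabilities; in that case the environment was chosen by an
 * unprivileged caller and must not influence which binary we execute. */
const char *trusted_getenv(const char *name)
{
    if (getauxval(AT_SECURE) != 0)
        return NULL;
    return getenv(name);
}

/* Validated override, or NULL. Accepted only from a non-privileged process
 * (secure_getenv) and only when absolute, so a relative value cannot be
 * resolved against a working directory the caller controls. The absolute-path
 * rule is an addition of this example. */
static const char *override_path(void)
{
    const char *p = secure_getenv(HELPER_ENV);
    if (p != NULL && p[0] == '/')
        return p;
    return NULL;
}

/* Path of the helper binary to exec: the override if one was accepted,
 * otherwise the compiled-in default. */
const char *helper_path(void)
{
    const char *p = override_path();
    return p != NULL ? p : HELPER_PATH;
}

/* 1 when the environment override is in use, 0 when the compiled-in default is.
 * Handy for tests and for logging which binary is about to run. */
int helper_path_is_override(void)
{
    return override_path() != NULL;
}

int main(void)
{
    printf("AT_SECURE=%lu\n", getauxval(AT_SECURE));
    printf("helper: %s (%s)\n", helper_path(),
           helper_path_is_override() ? "from " HELPER_ENV : "compiled-in default");
    return 0;
}
```

Run it as an ordinary user with CLEVIS_HELPER_PATH exported and the override is reported; copy the binary, make it setuid and run it again, and AT_SECURE is 1 and the compiled-in path wins regardless of the environment. Note that calling a helper by a compile-time absolute path does not by itself address the other point raised in the thread, that data collected as root is handed to the unprivileged helper and its output is consumed back; that data flow still needs its own validation on both sides.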