Bug #7060
closed
cfengine stops processing a promise on symlinks
Added by Benoît PECCATTE over 9 years ago.
Updated about 8 years ago.
Description
When a symbolic link isn't owned by the same user as its tagrget, cfengine stops processing file promises.
This can stop an attack on code where there is a race condition, but in practice, ther should not be race conditions and there is a lot of legitimate systems with links that don't have the same owner as their target.
We should disable this behavior
- Target version changed from 2.11.13 to 2.11.14
- Target version changed from 2.11.14 to 2.11.15
- Target version changed from 2.11.15 to 2.11.16
- Target version changed from 2.11.16 to 2.11.17
- Target version changed from 2.11.17 to 2.11.18
- Target version changed from 2.11.18 to 2.11.19
- Target version changed from 2.11.19 to 2.11.20
- Target version changed from 2.11.20 to 2.11.21
- Target version changed from 2.11.21 to 2.11.22
- Target version changed from 2.11.22 to 2.11.23
- Target version changed from 2.11.23 to 2.11.24
- Target version changed from 2.11.24 to 308
- Related to Bug #6953: The agent refuses to work on files with symlink in their path added
- Target version changed from 308 to 3.1.14
- Status changed from New to In progress
- Assignee set to Benoît PECCATTE
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-packages/pull/1050
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
- Related to deleted (Bug #6953: The agent refuses to work on files with symlink in their path)
- Related to Bug #6953: The agent refuses to work on files with symlink in their path added
- Category changed from System integration to Agent
- Status changed from Pending release to Released
This bug has been fixed in Rudder 3.1.15/14 and 3.2.8/7 which were released today.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by