Re: [SSSD] Review of umask() in SSSD

2015-11-05 Thread Jakub Hrozek
On Thu, Nov 05, 2015 at 12:22:00PM +0100, Petr Cech wrote: > On 10/21/2015 03:19 PM, Petr Cech wrote: > >On 10/12/2015 11:37 AM, Jakub Hrozek wrote: > From a15acee2495ee12190e711f3344e14c54fc73062 Mon Sep 17 00:00:00 2001 > From: Petr Cech > Date: Wed, 7 Oct 2015

Re: [SSSD] Review of umask() in SSSD

2015-11-05 Thread Petr Cech
On 10/21/2015 03:19 PM, Petr Cech wrote: On 10/12/2015 11:37 AM, Jakub Hrozek wrote: > From a15acee2495ee12190e711f3344e14c54fc73062 Mon Sep 17 00:00:00 2001 >From: Petr Cech >Date: Wed, 7 Oct 2015 08:57:15 -0400 >Subject: [PATCH 10/11] KRB5_CHILD: More restrictive umask > >We

Re: [SSSD] Review of umask() in SSSD

2015-11-05 Thread Lukas Slebodnik
On (05/11/15 12:58), Jakub Hrozek wrote: >On Thu, Nov 05, 2015 at 12:22:00PM +0100, Petr Cech wrote: >> On 10/21/2015 03:19 PM, Petr Cech wrote: >> >On 10/12/2015 11:37 AM, Jakub Hrozek wrote: >> From a15acee2495ee12190e711f3344e14c54fc73062 Mon Sep 17 00:00:00 2001 >> From: Petr

Re: [SSSD] Review of umask() in SSSD

2015-10-21 Thread Petr Cech
On 10/12/2015 11:37 AM, Jakub Hrozek wrote: > From a15acee2495ee12190e711f3344e14c54fc73062 Mon Sep 17 00:00:00 2001 >From: Petr Cech >Date: Wed, 7 Oct 2015 08:57:15 -0400 >Subject: [PATCH 10/11] KRB5_CHILD: More restrictive umask > >We could use more restrictive umask in

Re: [SSSD] Review of umask() in SSSD

2015-10-14 Thread Jakub Hrozek
On Wed, Oct 14, 2015 at 01:26:23PM +0200, Jakub Hrozek wrote: > ACK to the attached patches. CI: http://sssd-ci.duckdns.org/logs/job/30/28/summary.html master: * c1584502dec8ae19dfd89c6e598cc7648dfd78a6 * c4a1191d673e4368f1831cbeb4d75b15e51ff6db *

Re: [SSSD] Review of umask() in SSSD

2015-10-14 Thread Jakub Hrozek
On Tue, Oct 13, 2015 at 04:40:55PM +0200, Petr Cech wrote: > >> From a15acee2495ee12190e711f3344e14c54fc73062 Mon Sep 17 00:00:00 2001 > >>From: Petr Cech > >>Date: Wed, 7 Oct 2015 08:57:15 -0400 > >>Subject: [PATCH 10/11] KRB5_CHILD: More restrictive umask > >> > >>We could use

Re: [SSSD] Review of umask() in SSSD

2015-10-13 Thread Petr Cech
On 10/12/2015 11:37 AM, Jakub Hrozek wrote: On Wed, Oct 07, 2015 at 03:55:17PM +0200, Petr Cech wrote: On 10/04/2015 09:39 PM, Jakub Hrozek wrote: Finally, because I'm a lazy reviewer, I would prefer: - a patch that converts 0177 to DFL, with a comment around the macro definition

Re: [SSSD] Review of umask() in SSSD

2015-10-12 Thread Jakub Hrozek
On Wed, Oct 07, 2015 at 03:55:17PM +0200, Petr Cech wrote: > On 10/04/2015 09:39 PM, Jakub Hrozek wrote: > >Finally, because I'm a lazy reviewer, I would prefer: > > - a patch that converts 0177 to DFL, with a comment around the macro > > definition that this is the default secure umask

Re: [SSSD] Review of umask() in SSSD

2015-10-07 Thread Petr Cech
On 10/04/2015 09:39 PM, Jakub Hrozek wrote: Finally, because I'm a lazy reviewer, I would prefer: - a patch that converts 0177 to DFL, with a comment around the macro definition that this is the default secure umask - a patch that converts 0077 to DFL_X, with a comment around

Re: [SSSD] Review of umask() in SSSD

2015-10-04 Thread Jakub Hrozek
On Thu, Oct 01, 2015 at 02:06:50PM +0200, Petr Cech wrote: > On 10/01/2015 01:19 PM, Jakub Hrozek wrote: > >On Thu, Oct 01, 2015 at 12:38:49PM +0200, Petr Cech wrote: > >>Bump. > > > Thanks for reply, Jakub. > > >Why was 077 changed for 0177? > This change is something, which I think was

Re: [SSSD] Review of umask() in SSSD

2015-10-04 Thread Jakub Hrozek
On Sun, Oct 04, 2015 at 09:15:05PM +0200, Jakub Hrozek wrote: > On Thu, Oct 01, 2015 at 02:06:50PM +0200, Petr Cech wrote: > > On 10/01/2015 01:19 PM, Jakub Hrozek wrote: > > >On Thu, Oct 01, 2015 at 12:38:49PM +0200, Petr Cech wrote: > > >>Bump. > > > > > Thanks for reply, Jakub. > > > > >Why

Re: [SSSD] Review of umask() in SSSD

2015-10-04 Thread Jakub Hrozek
On Sun, Oct 04, 2015 at 09:20:17PM +0200, Jakub Hrozek wrote: > On Sun, Oct 04, 2015 at 09:15:05PM +0200, Jakub Hrozek wrote: > > On Thu, Oct 01, 2015 at 02:06:50PM +0200, Petr Cech wrote: > > > On 10/01/2015 01:19 PM, Jakub Hrozek wrote: > > > >On Thu, Oct 01, 2015 at 12:38:49PM +0200, Petr Cech

Re: [SSSD] Review of umask() in SSSD

2015-10-01 Thread Petr Cech
On 10/01/2015 01:19 PM, Jakub Hrozek wrote: On Thu, Oct 01, 2015 at 12:38:49PM +0200, Petr Cech wrote: Bump. Thanks for reply, Jakub. Why was 077 changed for 0177? This change is something, which I think was discussed earlier in this thread. # pcech: # > I would like to ask you if we

Re: [SSSD] Review of umask() in SSSD

2015-10-01 Thread Jakub Hrozek
On Thu, Oct 01, 2015 at 12:38:49PM +0200, Petr Cech wrote: > Bump. Why was 077 changed for 0177? About the name -- shouldn't we say just "SSS_DFL_UMASK" ? We are a security project, therefore restrictive by default :-) ___ sssd-devel mailing list

Re: [SSSD] Review of umask() in SSSD

2015-10-01 Thread Petr Cech
Bump. ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Re: [SSSD] Review of umask() in SSSD

2015-09-15 Thread Petr Cech
On 09/11/2015 01:47 PM, Jakub Hrozek wrote: On Thu, Sep 10, 2015 at 12:27:17PM +0200, Petr Cech wrote: Hi, I am reviewing umask() in our code according to https://fedorahosted.org/sssd/ticket/2424 There are many use like umask(DFL_RSP_UMASK): src/responder/autofs/autofssrv.c:223

Re: [SSSD] Review of umask() in SSSD

2015-09-11 Thread Jakub Hrozek
On Thu, Sep 10, 2015 at 12:27:17PM +0200, Petr Cech wrote: > Hi, > > I am reviewing umask() in our code according to > https://fedorahosted.org/sssd/ticket/2424 > > There are many use like umask(DFL_RSP_UMASK): > src/responder/autofs/autofssrv.c:223 > src/responder/ifp/ifpsrv.c:401 >

[SSSD] Review of umask() in SSSD

2015-09-10 Thread Petr Cech
Hi, I am reviewing umask() in our code according to https://fedorahosted.org/sssd/ticket/2424 There are many use like umask(DFL_RSP_UMASK): src/responder/autofs/autofssrv.c:223 src/responder/ifp/ifpsrv.c:401 src/responder/nss/nsssrv.c:589 src/responder/pac/pacsrv.c:232