-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/13/2009 03:52 AM, Sumit Bose wrote: > On Mon, Oct 12, 2009 at 10:28:05AM -0400, Simo Sorce wrote: >> On Mon, 2009-10-12 at 15:46 +0200, Sumit Bose wrote: >>> There is a problem with --debug-to-files. krb5_child runs as the user >>> requesting the ticket so the path to krb5_child.log needs to have >>> matching permissions. A possible solution would be to create the file >>> with 666 permissions during the setup of the kerberos backend. Any >>> other >>> ideas? >> >> You *really* don't want to have log files 666 ever. >> The easiest way would be to open the log file from the parent *without* >> CLOSE_ON_EXEC, and pass the fd number to krb5_child on the command line, >> and then have krb5_child use that fd to send debug messages. >> >> Simo. >> > > ok, please find updated patch attached. > > bye, > Sumit > > > > _______________________________________________ > sssd-devel mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/sssd-devel
prepare_child_argv(): Testing for argc < 2 for each of the potential options seems somewhat nonsensical, since you're starting at two (program name and NULL), adding one each for debug_level, debug_to_file and debug_timestamps and then subtracting them when you copy them in. I don't see anywhere that this check could ever fail to be true. Also, you don't test whether the talloc_strdup() calls might return NULL (in an out-of-memory situation). The implementation looks fine otherwise. - -- Stephen Gallagher RHCE 804006346421761 Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkrWEUcACgkQeiVVYja6o6MdcQCeMDPK85b1csjASsVmOWWUyjOV VZAAoKvcAFDggdSarb7j61R0U5DDnpcI =e45z -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
