Fix: sessiond: erroneous user check logic in session_access_ok
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 14 Aug 2020 20:59:18 +0000 (16:59 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 14 Aug 2020 21:06:04 +0000 (17:06 -0400)
commit4064563ea326f6f26d2c458009beb9ebdb3ba840
tree8ceef9ff53cf6ce94853fda5843804bea3ed00b9
parentd1ba29d290281cf72ca3ec7b0222b336c747e925
Fix: sessiond: erroneous user check logic in session_access_ok

The current session_access_ok logic disallows the access to a session when:
  uid != session->uid && gid != session->gid && uid != 0

This means that any user that is part of the same primary group as the session's
owner can access the session. The primary group is not necessarily (and most
likely) not the `tracing` group.

For instance:
  - the session has uid = 1000, gid = 100
  - the current user has uid = 1001, gid = 100

access to the session is granted.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I2e9208286e5508315dae90cb25d34133ca5edcc0
src/bin/lttng-sessiond/session.c
This page took 0.0364 seconds and 4 git commands to generate.