Uploaded image for project: 'OpenDNSSEC'
  1. OpenDNSSEC
  2. OPENDNSSEC-316

Privileges on shared PIN memory

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.4.0b1
    • Fix Version/s: future
    • Component/s: libhsm
    • Labels:

      Description

      The shared memory is created with the same user and group as the running user. If the shared memory has not been created yet, then there is a potential problem that the user first runs the "ods-hsmutil login" as root and then start OpenDNSSEC which drops privileges. The code will refuse to use or cannot use the shared memory because it belongs to another group.

      The solution can be:

      • Run sudo -u user -g group ods-hsmutil login, or
      • Let ods-hsmutil drop privileges just like Enforcer/Signer Engine.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            rickard Rickard Bellgrim
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: