Only allow 'stderr' log output when running setuid (CVE-2013-4400)
We must not allow file/syslog/journald log outputs when running setuid since they can be abused to do bad things. In particular the 'file' output can be used to overwrite files. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 8c3586ea)
Showing
想要评论请 注册 或 登录