Accepting request 1031422 from home:firstyear:branches:network:ldap

- bsc#1202931 - CVE-2022-31253 - The OpenLDAP start script allowed the ldap user
  to escalate privileges to root due to unbounded chown commands.

OBS-URL: https://build.opensuse.org/request/show/1031422
OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=307
2022-10-27 01:27:25 +00:00
committed by Git OBS Bridge
parent 5c86a602e3
commit 8644a7376a
3 changed files with 43 additions and 14 deletions


@@ -6,6 +6,23 @@ After=syslog.target network.target
Type=forking
ExecStart=/usr/lib/openldap/start
# Hardening to prevent security escalation.
## Future hardening for FS protection.
# ProtectSystem=full
# ReadWritePaths=/etc/openldap/slapd.d /var/lib/ldap
RestrictSUIDSGID=true
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
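Review bot: The two directives that would narrow where a root-run `chown` can write, `ProtectSystem=full` and `ReadWritePaths=/etc/openldap/slapd.d /var/lib/ldap`, are left commented out under "Future hardening". The enabled settings (`NoNewPrivileges`, `RestrictSUIDSGID`, the `Protect*` set, `MemoryDenyWriteExecute`) do not restrict ownership changes made by `/usr/lib/openldap/start`. No `User=` line is visible in this hunk, so the start script presumably still runs as root, and the unit appears to rely entirely on the script-side fix, which is presumably in the other changed files not shown here. If the pair cannot be enabled yet, say why next to it, for example `# Not yet enabled: <reason>, see <tracking reference>`, so the deferral is not mistaken for an oversight. Note that even when enabled, `ProtectSystem=full` only makes `/usr`, the boot loader directories and `/etc` read-only, so `/var` and `/run` stay writable and the script's own path checks are still needed.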