Issues
- Defaults to RSA-SHA1 as signing algorithmCPPXT-162Resolved issue: CPPXT-162Scott Cantor
- CurlInputStream should handle reallocation failuresCPPXT-161Resolved issue: CPPXT-161Scott Cantor
- Add pipe character to list of unsafe/encoded template charsCPPXT-160Resolved issue: CPPXT-160Scott Cantor
- Memory leak in version 3.2.4CPPXT-159Resolved issue: CPPXT-159Scott Cantor
- Build fails with clang-16CPPXT-158Resolved issue: CPPXT-158Scott Cantor
- ETag not being stored off when HTTP/2 used for metadataCPPXT-156Resolved issue: CPPXT-156Scott Cantor
- Block CipherReference in Decrypter classCPPXT-155Resolved issue: CPPXT-155Scott Cantor
- Log which encryption key was used when decrypting assertionCPPXT-154Resolved issue: CPPXT-154Scott Cantor
- test.pfx uses obsolete encryption algorithm, thus xmltoolingtest fails under OpenSSL 3CPPXT-153Resolved issue: CPPXT-153Scott Cantor
- PThread sleep method is recursiveCPPXT-152Resolved issue: CPPXT-152Scott Cantor
- Wiki migration broke some SecurityHelperTest testsCPPXT-151Resolved issue: CPPXT-151Scott Cantor
- Address BOOST_BIND_GLOBAL_PLACEHOLDERS issueCPPXT-150Scott Cantor
- Build work, but the test failsCPPXT-149Scott Cantor
- OpenSSL 3.0 compatibilityCPPXT-148Resolved issue: CPPXT-148Scott Cantor
- .bak files in the distribution tarballCPPXT-146Scott Cantor
- DataSealer is sharing non-thread safe keysCPPXT-145Resolved issue: CPPXT-145Scott Cantor
- Crash due to uncaught DOMExceptionCPPXT-143Resolved issue: CPPXT-143Scott Cantor
- CURL SOAP Transport: unset Expect HeaderCPPXT-144Resolved issue: CPPXT-144Scott Cantor
- Fails to build with g++ 8.2CPPXT-141Resolved issue: CPPXT-141Scott Cantor
- KeyInfo parser cannot handle <any>CPPXT-140Resolved issue: CPPXT-140Scott Cantor
- DataSealer needs to catch both Santuario exception typesCPPXT-139Resolved issue: CPPXT-139Scott Cantor
- xmltooling does not build with OpenSSL-1.1.1CPPXT-138Resolved issue: CPPXT-138Rod Widdowson
- OpenSSL 1.1.1 workCPPXT-137Resolved issue: CPPXT-137Scott Cantor
- Likely issues with empty element content in KeyInfo handling codeCPPXT-136Resolved issue: CPPXT-136Scott Cantor
- Lite half of library has unintentional zlib dependencyCPPXT-135Resolved issue: CPPXT-135Scott Cantor
- Reloadable configuration deleting backing file on a 304CPPXT-134Resolved issue: CPPXT-134Scott Cantor
- Eliminate uses of getTextContent in DOM helpersCPPXT-133Resolved issue: CPPXT-133Scott Cantor
- Slow down dependent on curl versionCPPXT-132Resolved issue: CPPXT-132Scott Cantor
- auto_ptr cleanupCPPXT-130Resolved issue: CPPXT-130Scott Cantor
- Additional nodes can be added to XML without breaking signatureCPPXT-128Resolved issue: CPPXT-128Scott Cantor
- DTD-defined entities can be added to XML without breaking signatureCPPXT-127Resolved issue: CPPXT-127Scott Cantor
- TODO and cleanup tasks for V3CPPXT-126Resolved issue: CPPXT-126Rod Widdowson
- Consider making AbractPKIXTrustEngine::checkEntityNames virtualCPPXT-125Resolved issue: CPPXT-125Scott Cantor
- Regression caused by CPPXT-116CPPXT-124Resolved issue: CPPXT-124Scott Cantor
- Updates and next releases of Xerces and SantuarioCPPXT-123Resolved issue: CPPXT-123Scott Cantor
- Replace DateTime class with Xerces versionCPPXT-122Resolved issue: CPPXT-122Scott Cantor
- Add -Wstrict-overflow=5 to gcc buildCPPXT-121Resolved issue: CPPXT-121Scott Cantor
- Set disallow-doctype property on DOMLSParserCPPXT-120Resolved issue: CPPXT-120Scott Cantor
- Explore possibility of a Xerces 3.2 releaseCPPXT-119Resolved issue: CPPXT-119Scott Cantor
- Address any deprecated CURL optionsCPPXT-118Resolved issue: CPPXT-118Scott Cantor
- Conflict between libxerces-c-devel and xerces-c-devel not handledCPPXT-117Resolved issue: CPPXT-117Scott Cantor
- Apache 2.4 / Shibboleth DeadlockCPPXT-116Resolved issue: CPPXT-116Scott Cantor
- ExplicitKeyTrustEngine doesn't handle EC in the OpenSSL caseCPPXT-114Resolved issue: CPPXT-114Scott Cantor
- Add ability to flush SOAP connection poolCPPXT-113Resolved issue: CPPXT-113Scott Cantor
- Build flags leak into pkg-config filesCPPXT-111Resolved issue: CPPXT-111Scott Cantor
- OpenSSL 1.1 compatibilityCPPXT-110Resolved issue: CPPXT-110Scott Cantor
- XSECCryptoX509CRL::loadX509CRLPEM() can read past unterminated bufferCPPXT-109Resolved issue: CPPXT-109Scott Cantor
- Potential nullpointer dereference in InlineCredential::getKeyInfoCPPXT-108Resolved issue: CPPXT-108Scott Cantor
- Issues compiling with Boost and VC15CPPXT-107Resolved issue: CPPXT-107Scott Cantor
- Move Windows build up to latest compilersCPPXT-106Resolved issue: CPPXT-106Rod Widdowson
1-50 of 142
Adjust ownership of /var/cache/shibboleth in the init script of RPM-based Linux distributions
Fixed
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
Environment
None
Attachments
1
Created February 23, 2015 at 9:51 AM
Updated March 20, 2015 at 1:12 AM
Resolved March 4, 2015 at 2:51 AM
Activity
Show:
Former userMarch 9, 2015 at 12:11 PM
Nit: in the shibd-amazon.in file, the indenting is incorrect (http://svn.shibboleth.net/view/cpp-sp/branches/REL_2/configs/shibd-amazon.in?view=patch&r1=3907&r2=3906&pathrev=3907 - should be tab, not four blanks)
With (i.e. version 2.5.0), the packaging was changed to run
shibdunder its own unprivileged account."Inadvertently" running
shibd -twith root can break things like metadata updates, since files under/var/cache/shibbolethhave their owner changed torooton this occasion.Would it be possible to adjust the init scripts for the RPM-based scripts to (also) recursively change the owner of
/var/cache/shibboleth(in addition to/var/run/shibboleth) in thestart()function, as shown in the attached patch? (untested, but hopefully illustrates the idea)