Commit report for v3.0.x branch

The git bot announce at freeradius.org
Fri Jul 12 02:00:02 CEST 2019


New activity for FreeRADIUS (the high performance and highly configurable RADIUS server)

======
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQJWBAABCgBAFiEEpcXpnfubXB9wp6L/2bkzwSrtdPAFAl0nj3QiHG1hdHRoZXct
 Z2l0QG5ld3RvbmNvbXB1dGluZy5jby51awAKCRDZuTPBKu108McBD/9KNGt8xs15
 PlaWZGYbQHXGE8s3Xc5R7PJIoytFkBkynYUBaTu7/sHp5WZahNo9mms9PgsX3pD4
 btLQrtYVgvjcRT9S00flXasQi7azKk56vb8IywsVxvgQHvg8XwHX086wvdOH+/0O
 OXdkyXsXtAY6VteQBgOmf8l9ki5ltybPx/QbqYGrrR5I3BW+dycj8xHspM4S4P7u
 lArkklAq1WYx0hva4axUO6WXu+qKglgDmhOACOR5w6DOCIdhL+aObaN/cWy9/3hZ
 sxyv7Bycm00OIMh1yjmBff9JIbVlWBGznIz4XAd563BgvcLxxm/7rVXDwyJHYX9w
 D4eW5iKEjJkS75O1J5ZYNrb3jO2UrD3BgW7Ptr7KAZ3fmg3qJqhOnFIrCuH98ICg
 mHNkFP1BSt5pvcueF0nHBSzDQuzihEkDMzSU8fvTxTaLEK5LwodujQ4hh0T36TYO
 iydMCIHPuWGKnd892q9GScxkUwU1ZEQ4Y/ocLiAgB9RLbhknRB/cLEJzU2bbUBCE
 4pQ6vb8tMtYTPcHC7hmAvFZNnK+6h1pe05PYFjpxX7xMll8qpQxYcb9uobHX7VGr
 Iqtcu317AOp2JVP6/hLZlTyScooJtz7i/HJgI/lIcbxNvP9q6DEyANymRvNR6AGl
 1CoBGKw/c3zf65cMa8QcimjeHiaaFXWpwA==
 =RddB
 -----END PGP SIGNATURE-----

Adjust, and disable, the systemd CapabilityBoundingSet option

CapabilityBoundingSet is a list of all capabilities that the
process gets, not a list of new ones that it's allowed. So without
e.g. CAP_SETUID the calls to setuid will fail, and radiusd can't
start up if (correctly) configured to run non-root.

Notably, not having CAP_DAC_OVERRIDE set means that it's very
likely that radiusd won't be able to read /etc/raddb due to file
permissions in some installations. Removing it is possible with
correct permissions, but then the -Cx pre config check will fail
as that tried to access log files as root, and will also fail.
(Essentially, it is more secure to remove it, but that will need
code changes.)

It's also very possible that some other capabilities are required
that are not yet listed here.

This option needs testing on a wide range of systems before being
enabled by default, hence commenting it out for now.

Matthew Newton at 2019-07-11T19:21:25Z
Files modified:
	* redhat/radiusd.service

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/6dd4ad16958033ed9f3f8575a23f2fbf1eb047cc
====== 
rlm_mschap: Fix typo

Jorge Pereira (via Arran Cudbard-Bell)@2019-07-11T17:59:52Z
Files modified:
	* src/modules/rlm_mschap/opendir.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/e4a9fae4097e1306affebfedc2fc567d362e182a
====== 
-- 
This commit summary was generated @2019-07-12T00:00:02Z by lgfeed version 0.00 (https://github.com/arr2036/lgfeed).


More information about the Freeradius-Devel mailing list