Skip to content

[Heartbeat] Setuid has perms issues with user controlled config files #28572

New issue
New issue
Closed
#28577
Closed
[Heartbeat] Setuid has perms issues with user controlled config files#28572
#28577
Assignees
andrewvc
Labels
Team:obs-ds-hosted-servicesLabel for the Observability Hosted Services teambackport-v7.16.0Automated backport with mergifybugv7.16.0
@andrewvc

Description

@andrewvc
andrewvc
opened on Oct 20, 2021

In #28514 we added support for setuid-ing to a regular user from root. This wasn't thought of as a breaking change, because it generally isn't. One place where that's not quite true is that if users have config files that are owned by root with no o+r perms heartbeat can't read these after downgrading its credentials.

To remedy this I propose we only invoke setuid in the elastic-agent containers where we control config files completely.

Metadata

Assignees

Labels

Team:obs-ds-hosted-servicesLabel for the Observability Hosted Services teambackport-v7.16.0Automated backport with mergifybugv7.16.0

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions