This commit is contained in:
parent
4860603e7b
commit
95d641d280
@ -400,7 +400,7 @@ Index: src/su.c
|
||||
static void run_shell (char const *, char const *, char **, size_t)
|
||||
ATTRIBUTE_NORETURN;
|
||||
|
||||
@@ -216,7 +239,162 @@ log_su (struct passwd const *pw, bool su
|
||||
@@ -216,7 +239,163 @@ log_su (struct passwd const *pw, bool su
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -466,11 +466,6 @@ Index: src/su.c
|
||||
+ sigset_t ourset;
|
||||
+ int status;
|
||||
+
|
||||
+ /* su without pam support does not have a helper that keeps
|
||||
+ * sitting on any directory so let's go to / */
|
||||
+ if (chdir ("/") != 0)
|
||||
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
|
||||
+
|
||||
+ retval = pam_open_session (pamh,0);
|
||||
+ if (retval != PAM_SUCCESS)
|
||||
+ {
|
||||
@ -493,6 +488,12 @@ Index: src/su.c
|
||||
+ return;
|
||||
+
|
||||
+ /* in the parent watch the child */
|
||||
+
|
||||
+ /* su without pam support does not have a helper that keeps
|
||||
+ * sitting on any directory so let's go to / */
|
||||
+ if (chdir ("/") != 0)
|
||||
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
|
||||
+
|
||||
+ sigfillset (&ourset);
|
||||
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL))
|
||||
+ {
|
||||
@ -563,7 +564,7 @@ Index: src/su.c
|
||||
Return true if the user gives the correct password for entry PW,
|
||||
false if not. Return true without asking for a password if run by UID 0
|
||||
or if PW has an empty password. */
|
||||
@@ -224,10 +402,52 @@ log_su (struct passwd const *pw, bool su
|
||||
@@ -224,10 +403,52 @@ log_su (struct passwd const *pw, bool su
|
||||
static bool
|
||||
correct_password (const struct passwd *pw)
|
||||
{
|
||||
@ -617,7 +618,7 @@ Index: src/su.c
|
||||
|
||||
endspent ();
|
||||
if (sp)
|
||||
@@ -248,6 +468,7 @@ correct_password (const struct passwd *p
|
||||
@@ -248,6 +469,7 @@ correct_password (const struct passwd *p
|
||||
encrypted = crypt (unencrypted, correct);
|
||||
memset (unencrypted, 0, strlen (unencrypted));
|
||||
return STREQ (encrypted, correct);
|
||||
@ -625,7 +626,7 @@ Index: src/su.c
|
||||
}
|
||||
|
||||
/* Update `environ' for the new shell based on PW, with SHELL being
|
||||
@@ -272,8 +493,8 @@ modify_environment (const struct passwd
|
||||
@@ -272,8 +494,8 @@ modify_environment (const struct passwd
|
||||
xsetenv ("USER", pw->pw_name);
|
||||
xsetenv ("LOGNAME", pw->pw_name);
|
||||
xsetenv ("PATH", (pw->pw_uid
|
||||
@ -636,7 +637,7 @@ Index: src/su.c
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -283,6 +504,12 @@ modify_environment (const struct passwd
|
||||
@@ -283,6 +505,12 @@ modify_environment (const struct passwd
|
||||
{
|
||||
xsetenv ("HOME", pw->pw_dir);
|
||||
xsetenv ("SHELL", shell);
|
||||
@ -649,7 +650,7 @@ Index: src/su.c
|
||||
if (pw->pw_uid)
|
||||
{
|
||||
xsetenv ("USER", pw->pw_name);
|
||||
@@ -290,19 +517,41 @@ modify_environment (const struct passwd
|
||||
@@ -290,19 +518,41 @@ modify_environment (const struct passwd
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -693,7 +694,7 @@ Index: src/su.c
|
||||
if (setgid (pw->pw_gid))
|
||||
error (EXIT_FAIL, errno, _("cannot set group id"));
|
||||
if (setuid (pw->pw_uid))
|
||||
@@ -495,6 +744,7 @@ main (int argc, char **argv)
|
||||
@@ -495,6 +745,7 @@ main (int argc, char **argv)
|
||||
#ifdef SYSLOG_FAILURE
|
||||
log_su (pw, false);
|
||||
#endif
|
||||
@ -701,7 +702,7 @@ Index: src/su.c
|
||||
error (EXIT_FAIL, 0, _("incorrect password"));
|
||||
}
|
||||
#ifdef SYSLOG_SUCCESS
|
||||
@@ -516,9 +766,21 @@ main (int argc, char **argv)
|
||||
@@ -516,9 +767,21 @@ main (int argc, char **argv)
|
||||
shell = NULL;
|
||||
}
|
||||
shell = xstrdup (shell ? shell : pw->pw_shell);
|
||||
|
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 5 17:23:45 CET 2007 - lnussel@suse.de
|
||||
|
||||
- su: don't chdir("/") before fork() (#251287)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 2 13:47:35 CET 2007 - lnussel@suse.de
|
||||
|
||||
|
@ -21,7 +21,7 @@ Obsoletes: libselinux <= 1.23.11-3 libselinux-32bit >= 9 libselinux-64bit =
|
||||
Autoreqprov: on
|
||||
PreReq: %{install_info_prereq}
|
||||
Version: 6.8
|
||||
Release: 3
|
||||
Release: 4
|
||||
Summary: GNU Core Utilities
|
||||
Source: coreutils-%{version}.tar.bz2
|
||||
Source1: su.pamd
|
||||
@ -171,6 +171,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%dir %{_prefix}/share/locale/*/LC_TIME
|
||||
|
||||
%changelog
|
||||
* Mon Mar 05 2007 - lnussel@suse.de
|
||||
- su: don't chdir("/") before fork() (#251287)
|
||||
* Fri Mar 02 2007 - lnussel@suse.de
|
||||
- split off and rework PAM patch for su:
|
||||
* run pam_open_session as root (#245706)
|
||||
|
Loading…
Reference in New Issue
Block a user