parent
bf56cf2642
commit
979ae87efc
@ -400,7 +400,7 @@ Index: src/su.c
|
|||||||
static void run_shell (char const *, char const *, char **, size_t)
|
static void run_shell (char const *, char const *, char **, size_t)
|
||||||
ATTRIBUTE_NORETURN;
|
ATTRIBUTE_NORETURN;
|
||||||
|
|
||||||
@@ -216,7 +239,162 @@ log_su (struct passwd const *pw, bool su
|
@@ -216,7 +239,163 @@ log_su (struct passwd const *pw, bool su
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -466,11 +466,6 @@ Index: src/su.c
|
|||||||
+ sigset_t ourset;
|
+ sigset_t ourset;
|
||||||
+ int status;
|
+ int status;
|
||||||
+
|
+
|
||||||
+ /* su without pam support does not have a helper that keeps
|
|
||||||
+ * sitting on any directory so let's go to / */
|
|
||||||
+ if (chdir ("/") != 0)
|
|
||||||
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
|
|
||||||
+
|
|
||||||
+ retval = pam_open_session (pamh,0);
|
+ retval = pam_open_session (pamh,0);
|
||||||
+ if (retval != PAM_SUCCESS)
|
+ if (retval != PAM_SUCCESS)
|
||||||
+ {
|
+ {
|
||||||
@ -493,6 +488,12 @@ Index: src/su.c
|
|||||||
+ return;
|
+ return;
|
||||||
+
|
+
|
||||||
+ /* in the parent watch the child */
|
+ /* in the parent watch the child */
|
||||||
|
+
|
||||||
|
+ /* su without pam support does not have a helper that keeps
|
||||||
|
+ * sitting on any directory so let's go to / */
|
||||||
|
+ if (chdir ("/") != 0)
|
||||||
|
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
|
||||||
|
+
|
||||||
+ sigfillset (&ourset);
|
+ sigfillset (&ourset);
|
||||||
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL))
|
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL))
|
||||||
+ {
|
+ {
|
||||||
@ -563,7 +564,7 @@ Index: src/su.c
|
|||||||
Return true if the user gives the correct password for entry PW,
|
Return true if the user gives the correct password for entry PW,
|
||||||
false if not. Return true without asking for a password if run by UID 0
|
false if not. Return true without asking for a password if run by UID 0
|
||||||
or if PW has an empty password. */
|
or if PW has an empty password. */
|
||||||
@@ -224,10 +402,52 @@ log_su (struct passwd const *pw, bool su
|
@@ -224,10 +403,52 @@ log_su (struct passwd const *pw, bool su
|
||||||
static bool
|
static bool
|
||||||
correct_password (const struct passwd *pw)
|
correct_password (const struct passwd *pw)
|
||||||
{
|
{
|
||||||
@ -617,7 +618,7 @@ Index: src/su.c
|
|||||||
|
|
||||||
endspent ();
|
endspent ();
|
||||||
if (sp)
|
if (sp)
|
||||||
@@ -248,6 +468,7 @@ correct_password (const struct passwd *p
|
@@ -248,6 +469,7 @@ correct_password (const struct passwd *p
|
||||||
encrypted = crypt (unencrypted, correct);
|
encrypted = crypt (unencrypted, correct);
|
||||||
memset (unencrypted, 0, strlen (unencrypted));
|
memset (unencrypted, 0, strlen (unencrypted));
|
||||||
return STREQ (encrypted, correct);
|
return STREQ (encrypted, correct);
|
||||||
@ -625,7 +626,7 @@ Index: src/su.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Update `environ' for the new shell based on PW, with SHELL being
|
/* Update `environ' for the new shell based on PW, with SHELL being
|
||||||
@@ -272,8 +493,8 @@ modify_environment (const struct passwd
|
@@ -272,8 +494,8 @@ modify_environment (const struct passwd
|
||||||
xsetenv ("USER", pw->pw_name);
|
xsetenv ("USER", pw->pw_name);
|
||||||
xsetenv ("LOGNAME", pw->pw_name);
|
xsetenv ("LOGNAME", pw->pw_name);
|
||||||
xsetenv ("PATH", (pw->pw_uid
|
xsetenv ("PATH", (pw->pw_uid
|
||||||
@ -636,7 +637,7 @@ Index: src/su.c
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@@ -283,6 +504,12 @@ modify_environment (const struct passwd
|
@@ -283,6 +505,12 @@ modify_environment (const struct passwd
|
||||||
{
|
{
|
||||||
xsetenv ("HOME", pw->pw_dir);
|
xsetenv ("HOME", pw->pw_dir);
|
||||||
xsetenv ("SHELL", shell);
|
xsetenv ("SHELL", shell);
|
||||||
@ -649,7 +650,7 @@ Index: src/su.c
|
|||||||
if (pw->pw_uid)
|
if (pw->pw_uid)
|
||||||
{
|
{
|
||||||
xsetenv ("USER", pw->pw_name);
|
xsetenv ("USER", pw->pw_name);
|
||||||
@@ -290,19 +517,41 @@ modify_environment (const struct passwd
|
@@ -290,19 +518,41 @@ modify_environment (const struct passwd
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -693,7 +694,7 @@ Index: src/su.c
|
|||||||
if (setgid (pw->pw_gid))
|
if (setgid (pw->pw_gid))
|
||||||
error (EXIT_FAIL, errno, _("cannot set group id"));
|
error (EXIT_FAIL, errno, _("cannot set group id"));
|
||||||
if (setuid (pw->pw_uid))
|
if (setuid (pw->pw_uid))
|
||||||
@@ -495,6 +744,7 @@ main (int argc, char **argv)
|
@@ -495,6 +745,7 @@ main (int argc, char **argv)
|
||||||
#ifdef SYSLOG_FAILURE
|
#ifdef SYSLOG_FAILURE
|
||||||
log_su (pw, false);
|
log_su (pw, false);
|
||||||
#endif
|
#endif
|
||||||
@ -701,7 +702,7 @@ Index: src/su.c
|
|||||||
error (EXIT_FAIL, 0, _("incorrect password"));
|
error (EXIT_FAIL, 0, _("incorrect password"));
|
||||||
}
|
}
|
||||||
#ifdef SYSLOG_SUCCESS
|
#ifdef SYSLOG_SUCCESS
|
||||||
@@ -516,9 +766,21 @@ main (int argc, char **argv)
|
@@ -516,9 +767,21 @@ main (int argc, char **argv)
|
||||||
shell = NULL;
|
shell = NULL;
|
||||||
}
|
}
|
||||||
shell = xstrdup (shell ? shell : pw->pw_shell);
|
shell = xstrdup (shell ? shell : pw->pw_shell);
|
||||||
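Review bot: The comment that travels with the relocated `chdir ("/")` block, now placed right after `/* in the parent watch the child */`, still only says that su without PAM has no helper sitting on a directory. It does not explain why the call must run in the parent after the fork rather than before `pam_open_session`. Judging from the changelog entry, the intent appears to be that the child and the shell it runs keep the caller's working directory while only the waiting parent releases it; I would state that, e.g. `/* Only the waiting parent moves to /; the child keeps the caller's cwd for the shell. */`. The same comment could record two consequences visible in these hunks: `pam_open_session` now runs in the invoking user's current directory, and a failed `chdir` is only a warning (`error (0, errno, ...)`), so the parent may keep that directory busy for the whole session. The enclosing function starts and ends outside the visible hunks.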
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 5 17:23:45 CET 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- su: don't chdir("/") before fork() (#251287)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Mar 2 13:47:35 CET 2007 - lnussel@suse.de
|
Fri Mar 2 13:47:35 CET 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ Obsoletes: libselinux <= 1.23.11-3 libselinux-32bit >= 9 libselinux-64bit =
|
|||||||
Autoreqprov: on
|
Autoreqprov: on
|
||||||
PreReq: %{install_info_prereq}
|
PreReq: %{install_info_prereq}
|
||||||
Version: 6.8
|
Version: 6.8
|
||||||
Release: 3
|
Release: 4
|
||||||
Summary: GNU Core Utilities
|
Summary: GNU Core Utilities
|
||||||
Source: coreutils-%{version}.tar.bz2
|
Source: coreutils-%{version}.tar.bz2
|
||||||
Source1: su.pamd
|
Source1: su.pamd
|
||||||
@ -171,6 +171,8 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%dir %{_prefix}/share/locale/*/LC_TIME
|
%dir %{_prefix}/share/locale/*/LC_TIME
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 05 2007 - lnussel@suse.de
|
||||||
|
- su: don't chdir("/") before fork() (#251287)
|
||||||
* Fri Mar 02 2007 - lnussel@suse.de
|
* Fri Mar 02 2007 - lnussel@suse.de
|
||||||
- split off and rework PAM patch for su:
|
- split off and rework PAM patch for su:
|
||||||
* run pam_open_session as root (#245706)
|
* run pam_open_session as root (#245706)
|
||||||
|