OBS User unknown 2007-03-06 08:02:47 +00:00 committed by Git OBS Bridge
parent bf56cf2642
commit 979ae87efc
3 changed files with 22 additions and 14 deletions


@ -400,7 +400,7 @@ Index: src/su.c
static void run_shell (char const *, char const *, char **, size_t) static void run_shell (char const *, char const *, char **, size_t)
ATTRIBUTE_NORETURN; ATTRIBUTE_NORETURN;
@@ -216,7 +239,162 @@ log_su (struct passwd const *pw, bool su @@ -216,7 +239,163 @@ log_su (struct passwd const *pw, bool su
} }
#endif #endif
@ -466,11 +466,6 @@ Index: src/su.c
+ sigset_t ourset; + sigset_t ourset;
+ int status; + int status;
+ +
+ /* su without pam support does not have a helper that keeps
+ * sitting on any directory so let's go to / */
+ if (chdir ("/") != 0)
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
+
+ retval = pam_open_session (pamh,0); + retval = pam_open_session (pamh,0);
+ if (retval != PAM_SUCCESS) + if (retval != PAM_SUCCESS)
+ { + {
@ -493,6 +488,12 @@ Index: src/su.c
+ return; + return;
+ +
+ /* in the parent watch the child */ + /* in the parent watch the child */
+
+ /* su without pam support does not have a helper that keeps
+ * sitting on any directory so let's go to / */
+ if (chdir ("/") != 0)
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
+
+ sigfillset (&ourset); + sigfillset (&ourset);
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL)) + if (sigprocmask (SIG_BLOCK, &ourset, NULL))
+ { + {
@ -563,7 +564,7 @@ Index: src/su.c
Return true if the user gives the correct password for entry PW, Return true if the user gives the correct password for entry PW,
false if not. Return true without asking for a password if run by UID 0 false if not. Return true without asking for a password if run by UID 0
or if PW has an empty password. */ or if PW has an empty password. */
@@ -224,10 +402,52 @@ log_su (struct passwd const *pw, bool su @@ -224,10 +403,52 @@ log_su (struct passwd const *pw, bool su
static bool static bool
correct_password (const struct passwd *pw) correct_password (const struct passwd *pw)
{ {
@ -617,7 +618,7 @@ Index: src/su.c
endspent (); endspent ();
if (sp) if (sp)
@@ -248,6 +468,7 @@ correct_password (const struct passwd *p @@ -248,6 +469,7 @@ correct_password (const struct passwd *p
encrypted = crypt (unencrypted, correct); encrypted = crypt (unencrypted, correct);
memset (unencrypted, 0, strlen (unencrypted)); memset (unencrypted, 0, strlen (unencrypted));
return STREQ (encrypted, correct); return STREQ (encrypted, correct);
@ -625,7 +626,7 @@ Index: src/su.c
} }
/* Update `environ' for the new shell based on PW, with SHELL being /* Update `environ' for the new shell based on PW, with SHELL being
@@ -272,8 +493,8 @@ modify_environment (const struct passwd @@ -272,8 +494,8 @@ modify_environment (const struct passwd
xsetenv ("USER", pw->pw_name); xsetenv ("USER", pw->pw_name);
xsetenv ("LOGNAME", pw->pw_name); xsetenv ("LOGNAME", pw->pw_name);
xsetenv ("PATH", (pw->pw_uid xsetenv ("PATH", (pw->pw_uid
@ -636,7 +637,7 @@ Index: src/su.c
} }
else else
{ {
@@ -283,6 +504,12 @@ modify_environment (const struct passwd @@ -283,6 +505,12 @@ modify_environment (const struct passwd
{ {
xsetenv ("HOME", pw->pw_dir); xsetenv ("HOME", pw->pw_dir);
xsetenv ("SHELL", shell); xsetenv ("SHELL", shell);
@ -649,7 +650,7 @@ Index: src/su.c
if (pw->pw_uid) if (pw->pw_uid)
{ {
xsetenv ("USER", pw->pw_name); xsetenv ("USER", pw->pw_name);
@@ -290,19 +517,41 @@ modify_environment (const struct passwd @@ -290,19 +518,41 @@ modify_environment (const struct passwd
} }
} }
} }
@ -693,7 +694,7 @@ Index: src/su.c
if (setgid (pw->pw_gid)) if (setgid (pw->pw_gid))
error (EXIT_FAIL, errno, _("cannot set group id")); error (EXIT_FAIL, errno, _("cannot set group id"));
if (setuid (pw->pw_uid)) if (setuid (pw->pw_uid))
@@ -495,6 +744,7 @@ main (int argc, char **argv) @@ -495,6 +745,7 @@ main (int argc, char **argv)
#ifdef SYSLOG_FAILURE #ifdef SYSLOG_FAILURE
log_su (pw, false); log_su (pw, false);
#endif #endif
@ -701,7 +702,7 @@ Index: src/su.c
error (EXIT_FAIL, 0, _("incorrect password")); error (EXIT_FAIL, 0, _("incorrect password"));
} }
#ifdef SYSLOG_SUCCESS #ifdef SYSLOG_SUCCESS
@@ -516,9 +766,21 @@ main (int argc, char **argv) @@ -516,9 +767,21 @@ main (int argc, char **argv)
shell = NULL; shell = NULL;
} }
shell = xstrdup (shell ? shell : pw->pw_shell); shell = xstrdup (shell ? shell : pw->pw_shell);
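Review bot: The comment that moved with the `chdir ("/")` block into the parent branch (below `/* in the parent watch the child */`) still explains only why su goes to `/`, not why the call has to come after `fork()`, which is the point of this change. Presumably the child must inherit the caller's working directory and only the waiting parent should stop holding it; without that stated, a later cleanup could hoist the call back above `pam_open_session`. I would extend the comment, e.g. `/* Only the waiting parent moves to /; do this after fork() so the child shell keeps the caller's cwd. */`. The block also now runs before `sigfillset`/`sigprocmask`, so the parent spends slightly longer with signals unblocked; if nothing depends on the order, placing it after the mask is set would keep that window as it was. The enclosing function starts and ends outside the visible hunks.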


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Mar 5 17:23:45 CET 2007 - lnussel@suse.de
- su: don't chdir("/") before fork() (#251287)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 2 13:47:35 CET 2007 - lnussel@suse.de Fri Mar 2 13:47:35 CET 2007 - lnussel@suse.de


@ -21,7 +21,7 @@ Obsoletes: libselinux <= 1.23.11-3 libselinux-32bit >= 9 libselinux-64bit =
Autoreqprov: on Autoreqprov: on
PreReq: %{install_info_prereq} PreReq: %{install_info_prereq}
Version: 6.8 Version: 6.8
Release: 3 Release: 4
Summary: GNU Core Utilities Summary: GNU Core Utilities
Source: coreutils-%{version}.tar.bz2 Source: coreutils-%{version}.tar.bz2
Source1: su.pamd Source1: su.pamd
@ -171,6 +171,8 @@ rm -rf $RPM_BUILD_ROOT
%dir %{_prefix}/share/locale/*/LC_TIME %dir %{_prefix}/share/locale/*/LC_TIME
%changelog %changelog
* Mon Mar 05 2007 - lnussel@suse.de
- su: don't chdir("/") before fork() (#251287)
* Fri Mar 02 2007 - lnussel@suse.de * Fri Mar 02 2007 - lnussel@suse.de
- split off and rework PAM patch for su: - split off and rework PAM patch for su:
* run pam_open_session as root (#245706) * run pam_open_session as root (#245706)