diff --git a/Linux-PAM-1.3.92-docs.tar.xz b/Linux-PAM-1.3.92-docs.tar.xz
deleted file mode 100644
index cef9c1b..0000000
--- a/Linux-PAM-1.3.92-docs.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:58af8e875cdcaffcf5bc2ca2d228dcb2f1589e73448391f2de562dfed186cf8a
-size 464148
diff --git a/Linux-PAM-1.3.92.tar.xz b/Linux-PAM-1.3.92.tar.xz
deleted file mode 100644
index bfd8bbf..0000000
--- a/Linux-PAM-1.3.92.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:12bb1b2128fa4cffdd3ba5950e2f985602db35f2ff984129709e84b8f5e6225b
-size 982628
diff --git a/Linux-PAM-1.4.0-docs.tar.xz b/Linux-PAM-1.4.0-docs.tar.xz
new file mode 100644
index 0000000..273819e
--- /dev/null
+++ b/Linux-PAM-1.4.0-docs.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:351764a0643052564a4b840320744c7e402112a2a57d2ac04511a6d22dc52e04
+size 477712
diff --git a/Linux-PAM-1.4.0.tar.xz b/Linux-PAM-1.4.0.tar.xz
new file mode 100644
index 0000000..fedf45f
--- /dev/null
+++ b/Linux-PAM-1.4.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034
+size 988908
diff --git a/fix-man-links.dif b/fix-man-links.dif
deleted file mode 100644
index 04fe917..0000000
--- a/fix-man-links.dif
+++ /dev/null
@@ -1,56 +0,0 @@
-Index: Linux-PAM-1.1.8/doc/man/pam.8
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam.8
-+++ Linux-PAM-1.1.8/doc/man/pam.8
-@@ -1 +1 @@
--.so PAM.8
-+.so man8/PAM.8
-Index: Linux-PAM-1.1.8/doc/man/pam.d.5
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam.d.5
-+++ Linux-PAM-1.1.8/doc/man/pam.d.5
-@@ -1 +1 @@
--.so pam.conf.5
-+.so man5/pam.conf.5
-Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_noverify.3
-+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3
-@@ -1 +1 @@
--.so pam_get_authtok.3
-+.so man3/pam_get_authtok.3
-Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_verify.3
-+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3
-@@ -1 +1 @@
--.so pam_get_authtok.3
-+.so man3/pam_get_authtok.3
-Index: Linux-PAM-1.1.8/doc/man/pam_verror.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_verror.3
-+++ Linux-PAM-1.1.8/doc/man/pam_verror.3
-@@ -1 +1 @@
--.so pam_error.3
-+.so man3/pam_error.3
-Index: Linux-PAM-1.1.8/doc/man/pam_vinfo.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_vinfo.3
-+++ Linux-PAM-1.1.8/doc/man/pam_vinfo.3
-@@ -1 +1 @@
--.so pam_info.3
-+.so man3/pam_info.3
-Index: Linux-PAM-1.1.8/doc/man/pam_vprompt.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_vprompt.3
-+++ Linux-PAM-1.1.8/doc/man/pam_vprompt.3
-@@ -1 +1 @@
--.so pam_prompt.3
-+.so man3/pam_prompt.3
-Index: Linux-PAM-1.1.8/doc/man/pam_vsyslog.3
-===================================================================
---- Linux-PAM-1.1.8.orig/doc/man/pam_vsyslog.3
-+++ Linux-PAM-1.1.8/doc/man/pam_vsyslog.3
-@@ -1 +1 @@
--.so pam_syslog.3
-+.so man3/pam_syslog.3
diff --git a/pam-check-user-home-dir.patch b/pam-check-user-home-dir.patch
deleted file mode 100644
index e3a98e7..0000000
--- a/pam-check-user-home-dir.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 27ded8954a1235bb65ffc9c730ae5a50b1dfed61 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Josef=20M=C3=B6llers?=
-Date: Fri, 29 May 2020 14:35:43 +0000
-Subject: [PATCH] pam_setquota: skip mountpoints equal to the user's $HOME
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Matthias Gerstner found the following issue:
-
-
-So this pam_setquota module iterates over all mounted file systems using
-`setmntent()` and `getmntent()`. It tries to find the longest match of
-a file system mounted on /home/$USER or above (except when the
-fs=/some/path parameter is passed to the pam module).
-
-The thing is that /home/$USER is owned by the unprivileged user. And
-there exist tools like fusermount from libfuse which is by default
-installed setuid-root for everybody. fusermount allows to mount a FUSE
-file system using an arbitrary "source device name" as the unprivileged
-user.
-
-Thus considering the following use case:
-
-1) there is only the root file system (/) or a file system is mounted on
- /home, but not on /home/$USER.
-2) the attacker mounts a fake FUSE file system over its own home directory:
-
- ```
- user $ export _FUSE_COMMFD=0
- user $ fusermount $HOME -ononempty,fsname=/dev/sda1
- ```
-
- This will result in a mount entry in /proc/mounts looking like this:
-
- ```
- /dev/sda1 on /home/$USER type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)
- ```
-3) when the attacker now logs in with pam_setquota configured then
- pam_setquota will identify /dev/sda1 and the file system where
- to apply the user's quota on.
-
-As a result an unprivileged user has full control over onto which block
-device the quota is applied.
-
-
-If the user's $HOME is on a separate partition, setting a quota on the
-user's $HOME does not really make sense, so this patch skips mountpoints
-equal to the user's $HOME, preventing the above mentioned bug as
-a side-effect (or vice-versa).
-
-Reported-by: Matthias Gerstner
-Co-authored-by: Tomáš Mráz
-Co-authored-by: Dmitry V. Levin
-Resolves: https://github.com/linux-pam/linux-pam/pull/230
----
- modules/pam_setquota/pam_setquota.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/pam_setquota/pam_setquota.c b/modules/pam_setquota/pam_setquota.c
-index 9c05862a..01b05e38 100644
---- a/modules/pam_setquota/pam_setquota.c
-+++ b/modules/pam_setquota/pam_setquota.c
-@@ -275,7 +275,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
- */
- if ((mnt_len > match_size || (mnt_len == 0 && mnt->mnt_dir[0] == '/')) &&
- (s = pam_str_skip_prefix_len(pwd->pw_dir, mnt->mnt_dir, mnt_len)) != NULL &&
-- (s[0] == '\0' || s[0] == '/')) {
-+ s[0] == '/') {
- free(mntdevice);
- if ((mntdevice = strdup(mnt->mnt_fsname)) == NULL) {
- pam_syslog(pamh, LOG_CRIT, "Memory allocation error");
diff --git a/pam.changes b/pam.changes
index 8b5264c..f2c199e 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk
+
+- Update to final 1.4.0 release
+ - includes pam-check-user-home-dir.patch
+ - obsoletes fix-man-links.dif
+
 -------------------------------------------------------------------
 Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk
 
diff --git a/pam.spec b/pam.spec
index e95797a..cff51f0 100644
--- a/pam.spec
+++ b/pam.spec
@@ -27,7 +27,7 @@
 %endif
 Name: pam
 #
-Version: 1.3.92
+Version: 1.4.0
 Release: 0
 Summary: A Security Tool that Provides Authentication for Applications
 License: GPL-2.0-or-later OR BSD-3-Clause
@@ -45,10 +45,8 @@ Source9: baselibs.conf
 Source10: unix2_chkpwd.c
 Source11: unix2_chkpwd.8
 Source12: pam-login_defs-check.sh
-Patch0: fix-man-links.dif
 Patch2: pam-limit-nproc.patch
 Patch4: pam-hostnames-in-access_conf.patch
-Patch5: pam-check-user-home-dir.patch
 BuildRequires: audit-devel
 BuildRequires: bison
 BuildRequires: cracklib-devel
@@ -139,10 +137,8 @@ removed with one of the next releases.
 %prep
 %setup -q -n Linux-PAM-%{version} -b 1
 cp -a %{SOURCE12} .
-%patch0 -p1
 %patch2 -p1
 %patch4 -p1
-%patch5 -p1
 
 %build
 bash ./pam-login_defs-check.sh