systemd/0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch
Stephan Kulow 38fe6dfa6d Accepting request 234299 from Base:System
- Make baselibs.conf aware to use the appropiate %post and %postun
  scriptlets which includes pam-config (bnc#877674) 

- Add upstram patches
  0001-core-close-socket-fds-asynchronously.patch
  0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch
  0003-core-make-sure-to-serialize-jobs-for-all-units.patch

- Add upstram patches
  0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch
  0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch
  to avoid that in pam session unwanted file descriptors are inherited

- Make baselibs.conf aware to use the appropiate %post and %postun
  scriptlets which includes pam-config (bnc#877674) 

- Add upstram patches
  0001-core-close-socket-fds-asynchronously.patch
  0002-logind-bring-polkit-policy-for-hibernate-in-line-wit.patch
  0003-core-make-sure-to-serialize-jobs-for-all-units.patch

- Add upstram patches
  0001-replace-more-dup-by-F_DUPFD_CLOEXEC.patch
  0002-pam_systemd-use-F_DUPFD_CLOEXEC-when-dupping-session.patch
  to avoid that in pam session unwanted file descriptors are inherited

OBS-URL: https://build.opensuse.org/request/show/234299
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=187
2014-05-17 19:46:37 +00:00

27 lines
948 B
Diff

From 85c08dc013f9f99b58bc9b79284af0b35304237b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 13 May 2014 16:35:34 +0200
Subject: [PATCH] pam_systemd: use F_DUPFD_CLOEXEC when dupping session fds
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019034.html
---
src/login/pam-module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git src/login/pam-module.c src/login/pam-module.c
index 9873dd5..1259457 100644
--- src/login/pam-module.c
+++ src/login/pam-module.c
@@ -475,7 +475,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
}
if (session_fd >= 0) {
- session_fd = dup(session_fd);
+ session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3);
if (session_fd < 0) {
pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m");
return PAM_SESSION_ERR;
--
1.7.9.2