diff --git a/coreutils-6.8-su.diff b/coreutils-6.8-su.diff index e4c7efb..7a0a3b6 100644 --- a/coreutils-6.8-su.diff +++ b/coreutils-6.8-su.diff @@ -400,7 +400,7 @@ Index: src/su.c static void run_shell (char const *, char const *, char **, size_t) ATTRIBUTE_NORETURN; -@@ -216,7 +239,162 @@ log_su (struct passwd const *pw, bool su +@@ -216,7 +239,163 @@ log_su (struct passwd const *pw, bool su } #endif @@ -466,11 +466,6 @@ Index: src/su.c + sigset_t ourset; + int status; + -+ /* su without pam support does not have a helper that keeps -+ * sitting on any directory so let's go to / */ -+ if (chdir ("/") != 0) -+ error (0, errno, _("warning: cannot change directory to %s"), "/"); -+ + retval = pam_open_session (pamh,0); + if (retval != PAM_SUCCESS) + { @@ -493,6 +488,12 @@ Index: src/su.c + return; + + /* in the parent watch the child */ ++ ++ /* su without pam support does not have a helper that keeps ++ * sitting on any directory so let's go to / */ ++ if (chdir ("/") != 0) ++ error (0, errno, _("warning: cannot change directory to %s"), "/"); ++ + sigfillset (&ourset); + if (sigprocmask (SIG_BLOCK, &ourset, NULL)) + { @@ -563,7 +564,7 @@ Index: src/su.c Return true if the user gives the correct password for entry PW, false if not. Return true without asking for a password if run by UID 0 or if PW has an empty password. */ -@@ -224,10 +402,52 @@ log_su (struct passwd const *pw, bool su +@@ -224,10 +403,52 @@ log_su (struct passwd const *pw, bool su static bool correct_password (const struct passwd *pw) { @@ -617,7 +618,7 @@ Index: src/su.c endspent (); if (sp) -@@ -248,6 +468,7 @@ correct_password (const struct passwd *p +@@ -248,6 +469,7 @@ correct_password (const struct passwd *p encrypted = crypt (unencrypted, correct); memset (unencrypted, 0, strlen (unencrypted)); return STREQ (encrypted, correct); @@ -625,7 +626,7 @@ Index: src/su.c } /* Update `environ' for the new shell based on PW, with SHELL being -@@ -272,8 +493,8 @@ modify_environment (const struct passwd +@@ -272,8 +494,8 @@ modify_environment (const struct passwd xsetenv ("USER", pw->pw_name); xsetenv ("LOGNAME", pw->pw_name); xsetenv ("PATH", (pw->pw_uid @@ -636,7 +637,7 @@ Index: src/su.c } else { -@@ -283,6 +504,12 @@ modify_environment (const struct passwd +@@ -283,6 +505,12 @@ modify_environment (const struct passwd { xsetenv ("HOME", pw->pw_dir); xsetenv ("SHELL", shell); @@ -649,7 +650,7 @@ Index: src/su.c if (pw->pw_uid) { xsetenv ("USER", pw->pw_name); -@@ -290,19 +517,41 @@ modify_environment (const struct passwd +@@ -290,19 +518,41 @@ modify_environment (const struct passwd } } } @@ -693,7 +694,7 @@ Index: src/su.c if (setgid (pw->pw_gid)) error (EXIT_FAIL, errno, _("cannot set group id")); if (setuid (pw->pw_uid)) -@@ -495,6 +744,7 @@ main (int argc, char **argv) +@@ -495,6 +745,7 @@ main (int argc, char **argv) #ifdef SYSLOG_FAILURE log_su (pw, false); #endif @@ -701,7 +702,7 @@ Index: src/su.c error (EXIT_FAIL, 0, _("incorrect password")); } #ifdef SYSLOG_SUCCESS -@@ -516,9 +766,21 @@ main (int argc, char **argv) +@@ -516,9 +767,21 @@ main (int argc, char **argv) shell = NULL; } shell = xstrdup (shell ? shell : pw->pw_shell); diff --git a/coreutils.changes b/coreutils.changes index b97d3eb..fe089da 100644 --- a/coreutils.changes +++ b/coreutils.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Mar 5 17:23:45 CET 2007 - lnussel@suse.de + +- su: don't chdir("/") before fork() (#251287) + ------------------------------------------------------------------- Fri Mar 2 13:47:35 CET 2007 - lnussel@suse.de diff --git a/coreutils.spec b/coreutils.spec index 0e273dc..e1dae48 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -21,7 +21,7 @@ Obsoletes: libselinux <= 1.23.11-3 libselinux-32bit >= 9 libselinux-64bit = Autoreqprov: on PreReq: %{install_info_prereq} Version: 6.8 -Release: 3 +Release: 4 Summary: GNU Core Utilities Source: coreutils-%{version}.tar.bz2 Source1: su.pamd @@ -171,6 +171,8 @@ rm -rf $RPM_BUILD_ROOT %dir %{_prefix}/share/locale/*/LC_TIME %changelog +* Mon Mar 05 2007 - lnussel@suse.de +- su: don't chdir("/") before fork() (#251287) * Fri Mar 02 2007 - lnussel@suse.de - split off and rework PAM patch for su: * run pam_open_session as root (#245706)