forked from pool/cronie
Dirk Mueller
715db45cc6
- update to 1.5.3 * Fix CVE-2019-9704 [bnc#1128937] and CVE-2019-9705 [bnc#1128935] to avoid local DoS of the crond * crontab: Make crontab without arguments fail * crond: In PAM configuration include system-auth instead of password-auth * crond: In the systemd service file restart crond if it fails * crond: Use the role from the crond context for system job contexts * Multiple small cleanups and fixes. - refresh cronie-nheader_lines.diff and cronie-pam_config.diff OBS-URL: https://build.opensuse.org/request/show/685771 OBS-URL: https://build.opensuse.org/package/show/Base:System/cronie?expand=0&rev=171
20 lines
772 B
Diff
20 lines
772 B
Diff
Index: cronie-cronie-1.5.3/pam/crond
|
|
===================================================================
|
|
--- cronie-cronie-1.5.3.orig/pam/crond
|
|
+++ cronie-cronie-1.5.3/pam/crond
|
|
@@ -4,8 +4,9 @@
|
|
#
|
|
# Although no PAM authentication is called, auth modules
|
|
# are used for credential setting
|
|
-auth include system-auth
|
|
-account required pam_access.so
|
|
-account include system-auth
|
|
-session required pam_loginuid.so
|
|
-session include system-auth
|
|
+auth sufficient pam_rootok.so
|
|
+account sufficient pam_listfile.so item=user sense=allow file=/etc/cron.allow onerr=succeed quiet
|
|
+auth include common-auth
|
|
+account include common-account
|
|
+password include common-password
|
|
+session include common-session
|