diff --git a/make-sure-sbin-resp-usr-sbin-are-in-PATH.diff b/make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
new file mode 100644
index 0000000..249c5f6
--- /dev/null
+++ b/make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
@@ -0,0 +1,143 @@
+--- util-linux-2.23.1/login-utils/su-common.c
++++ util-linux-2.23.1/login-utils/su-common.c 2013-06-06 08:46:59.575872090 +0000
+@@ -473,6 +473,117 @@ set_path(const struct passwd* pw)
+ err (EXIT_FAILURE, _("failed to set PATH"));
+ }
+
++/* Add or clear /sbin and /usr/sbin for the su command
++ used without `-'. */
++
++/* Set if /sbin is found in path. */
++#define SBIN_MASK 0x01
++/* Set if /usr/sbin is found in path. */
++#define USBIN_MASK 0x02
++
++static char *
++addsbin (const char *const path)
++{
++ unsigned char smask = 0;
++ char *ptr, *tmp, *cur, *ret = NULL;
++ size_t len;
++
++ if (!path || *path == 0)
++ return NULL;
++
++ tmp = xstrdup (path);
++ cur = tmp;
++ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
++ {
++ if (!strcmp (ptr, "/sbin"))
++ smask |= SBIN_MASK;
++ if (!strcmp (ptr, "/usr/sbin"))
++ smask |= USBIN_MASK;
++ }
++
++ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
++ {
++ free (tmp);
++ return NULL;
++ }
++
++ len = strlen (path);
++ if (!(smask & USBIN_MASK))
++ len += strlen ("/usr/sbin:");
++
++ if (!(smask & SBIN_MASK))
++ len += strlen (":/sbin");
++
++ ret = xmalloc (len + 1);
++ strcpy (tmp, path);
++
++ *ret = 0;
++ cur = tmp;
++ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
++ {
++ if (!strcmp (ptr, "."))
++ continue;
++ if (*ret)
++ strcat (ret, ":");
++ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
++ {
++ strcat (ret, "/usr/sbin:");
++ strcat (ret, ptr);
++ smask |= USBIN_MASK;
++ continue;
++ }
++ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
++ {
++ strcat (ret, ptr);
++ strcat (ret, ":/sbin");
++ smask |= SBIN_MASK;
++ continue;
++ }
++ strcat (ret, ptr);
++ }
++ free (tmp);
++
++ if (!(smask & USBIN_MASK))
++ strcat (ret, ":/usr/sbin");
++
++ if (!(smask & SBIN_MASK))
++ strcat (ret, ":/sbin");
++
++ return ret;
++}
++
++static char *
++clearsbin (const char *const path)
++{
++ char *ptr, *tmp, *cur, *ret = NULL;
++
++ if (!path || *path == 0)
++ return NULL;
++
++ tmp = strdup (path);
++ if (!tmp)
++ return NULL;
++
++ ret = xmalloc (strlen (path) + 1);
++ *ret = 0;
++ cur = tmp;
++ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
++ {
++ if (!strcmp (ptr, "/sbin"))
++ continue;
++ if (!strcmp (ptr, "/usr/sbin"))
++ continue;
++ if (!strcmp (ptr, "/usr/local/sbin"))
++ continue;
++ if (*ret)
++ strcat (ret, ":");
++ strcat (ret, ptr);
++ }
++ free (tmp);
++
++ return ret;
++}
++
+ /* Update `environ' for the new shell based on PW, with SHELL being
+ the value for the SHELL environment variable. */
+
+@@ -508,6 +619,22 @@ modify_environment (const struct passwd
+ xsetenv ("SHELL", shell, 1);
+ if (getlogindefs_bool ("ALWAYS_SET_PATH", 0))
+ set_path(pw);
++ else
++ {
++ char const *path = getenv ("PATH");
++ char *new = NULL;
++
++ if (pw->pw_uid)
++ new = clearsbin (path);
++ else
++ new = addsbin (path);
++
++ if (new)
++ {
++ xsetenv ("PATH", new, 1);
++ free (new);
++ }
++ }
+
+ if (pw->pw_uid)
+ {
diff --git a/su.default b/su.default
new file mode 100644
index 0000000..62d1702
--- /dev/null
+++ b/su.default
@@ -0,0 +1,11 @@
+# Per default, only "su -" will set a new PATH.
+# If this variable is changed to "yes" (default is "no"),
+# every su call will overwrite the PATH variable.
+ALWAYS_SET_PATH=no
+
+# Default path.
+PATH=/usr/local/bin:/bin:/usr/bin
+
+# Default path for a user invoking su to root.
+SUPATH=/usr/sbin:/bin:/usr/bin:/sbin
+
diff --git a/su.pamd b/su.pamd
new file mode 100644
index 0000000..d0c9fe8
--- /dev/null
+++ b/su.pamd
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth include common-auth
+account sufficient pam_rootok.so
+account include common-account
+password include common-password
+session include common-session
+session optional pam_xauth.so
diff --git a/util-linux-rpmlintrc b/util-linux-rpmlintrc
index 81be4db..9f6d408 100644
--- a/util-linux-rpmlintrc
+++ b/util-linux-rpmlintrc
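Review bot: `addsbin` filters only the literal `.` entry, so the PATH it builds for root can still search the current directory: an empty component (a trailing or doubled `:`) is copied through unchanged, and when every entry was skipped the tail `strcat (ret, ":/usr/sbin")` writes a leading `:`, so a PATH of `.` becomes `:/usr/sbin:/sbin`. I would skip every non-absolute entry with `if (*ptr != '/') continue;` in place of the `!strcmp (ptr, ".")` test, and have the two tail appends add the `:` separator only when `*ret` is non-zero. `clearsbin` uses plain `strdup` and returns NULL on failure, which the `if (new)` check in `modify_environment` turns into "leave PATH untouched", while `addsbin` uses `xstrdup`; using `xstrdup` in both keeps the failure mode consistent. `clearsbin` can also return an empty string when PATH held only sbin directories, and that value is then passed to `xsetenv`, so an explicit decision for that case (for example returning NULL) would be worth a comment.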
@@ -4,4 +4,10 @@ addFilter("incoherent-init-script-name raw") addFilter("no-reload-entry /etc/init.d/raw") # There is no egrep(1) used -> False positive addFilter("deprecated-grep") - +# Both pam configs for su and su-l are marked as noreplace +addFilter(".*W:.*files-duplicate.*/pam/su.*/pam.d/su-l.*") +# Useless warning as the /usr/bin variants are known +addFilter(".*W:.*permissions-symlink.*/bin/su.*") +addFilter(".*W:.*permissions-symlink.*/bin/umount.*") +addFilter(".*W:.*permissions-symlink.*/bin/mount.*") + diff --git a/util-linux.changes b/util-linux.changes index b806c48..fd710d3 100644 --- a/util-linux.changes +++ b/util-linux.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Jun 6 08:27:43 UTC 2013 - werner@suse.de + +- Add make-sure-sbin-resp-usr-sbin-are-in-PATH.diff, that is include + the old "let `su' handle /sbin and /usr/sbin in path" +- Provide the new eject utility to avoid file conflict with old + eject package + ------------------------------------------------------------------- Wed Jun 5 12:30:45 UTC 2013 - werner@suse.de diff --git a/util-linux.spec b/util-linux.spec index 4b07199..2c560f8 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -70,8 +70,10 @@ Source6: etc_filesystems Source7: baselibs.conf Source8: login.pamd Source9: remote.pamd +Source10: su.pamd +Source11: su.default # TODO: split to separate package -Source11: klogconsole.tar.bz2 +Source40: klogconsole.tar.bz2 # XXX: Run a program in a new session and with controlling tty Source22: setctsid.c Source23: setctsid.8 @@ -91,6 +93,8 @@ Source51: blkid.conf Patch1: util-linux-2.23.1-fdisk_remove_bogus_warnings.patch Patch2: util-linux-2.23.1-eject-fpie.patch Patch3: fdisk-tinfo.patch +# PATCH-EXTEND-UPSTREAM: Let `su' handle /sbin and /usr/sbin in path +Patch4: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff # disable encryption Patch12: util-linux-2.23.1-noenc-suse.diff 
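Review bot: The three new `permissions-symlink` filters end in an unanchored `/bin/su.*`, `/bin/umount.*` and `/bin/mount.*`, so each one also silences the warning for any other path that merely starts that way (for example a path like `/bin/mountpoint`), under both `/bin` and `/usr/bin`. These are the same binaries the spec passes to `%set_permissions`, so a filter that is wider than intended can hide a later permissions finding. I would end each pattern on the exact file name, e.g. `addFilter(".*W:.*permissions-symlink.*/bin/su( |$)")`; the exact tail of the rpmlint message should be confirmed before anchoring. The comment could also name the check being waived and why the `/usr/bin` variants make it safe.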
@@ -112,12 +116,14 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %insserv_prereq %fillup_prereq /bin/sed # Provides: base = %{version}-%{release} +Provides: eject = %{version}-%{release} Provides: login = 4.0-33.7 Provides: raw = %{version}-%{release} Provides: rawio = %{version}-%{release} Provides: util = %{version}-%{release} Provides: uuid-runtime = %{version}-%{release} Obsoletes: base < %{version}-%{release} +Obsoletes: eject < %{version}-%{release} Obsoletes: login < 4.0-33.7 Obsoletes: raw < %{version}-%{release} Obsoletes: rawio < %{version}-%{release} @@ -199,10 +205,11 @@ Files to develop applications using the libmount library. %lang_package %prep -%setup -q -n %{name}-%{version} -b 11 +%setup -q -n %{name}-%{version} -b 40 %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %patch12 -p1 # %patch20 -p1 @@ -231,7 +238,7 @@ make %{?_smp_mflags} setctsid CFLAGS="%{optflags}" CC="%{__cc}" # # Version check for libutempter # -uhead=$(find /usr/include -name utempter.h 2>/dev/null) +uhead=$(find %_includedir -name utempter.h 2>/dev/null) if test -n "$uhead" && grep -q utempter_add_record "$uhead" then uhead=--with-utempter 
@@ -293,13 +300,18 @@ make %{?_smp_mflags} %{__cc} -fwhole-program %{optflags} -o chrp-addnote %{SOURCE31} %install -mkdir -p %{buildroot}{/etc/init.d,/etc/pam.d,%{_mandir}/man{1,8},/bin,/sbin,/usr/bin,/usr/sbin,%{_infodir}} +mkdir -p %{buildroot}{%{_sysconfdir}/{init.d,pam.d,default},%{_mandir}/man{1,8},/bin,/sbin,%{_bindir},%{_sbindir},%{_infodir}} mkdir -p %{buildroot}%{_localstatedir}/lib/libuuid/ mkdir -p %{buildroot}%{_localstatedir}/run/uuidd/ install -m 744 %{SOURCE50} %{buildroot}%{_initddir}/uuidd install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf -install -m 644 %{SOURCE8} %{buildroot}/etc/pam.d/login -install -m 644 %{SOURCE9} %{buildroot}/etc/pam.d/remote +install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/login +install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/remote +%if %{with enable_su} +install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su +install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su-l +install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su +%endif mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates pushd ../klogconsole # klogconsole install @@ -370,9 +382,9 @@ install -m 444 setctsid.8 %{buildroot}%{_mandir}/man8/ echo -e "#! /bin/bash\n/sbin/blockdev --flushbufs \$1" > %{buildroot}%{_sbindir}/flushb chmod 755 %{buildroot}%{_sbindir}/flushb # Install scripts to configure raw devices at boot time -install -m 644 $RPM_SOURCE_DIR/etc.raw %{buildroot}%{_sysconfdir}/raw +install -m 644 $RPM_SOURCE_DIR%{_sysconfdir}.raw %{buildroot}%{_sysconfdir}/raw install -m 755 $RPM_SOURCE_DIR/raw.init %{buildroot}%{_initddir}/raw -ln -sf ../../etc/init.d/raw %{buildroot}%{_sbindir}/rcraw +ln -sf ../..%{_sysconfdir}/init.d/raw %{buildroot}%{_sbindir}/rcraw # Stupid hack so we don't have a tcsh dependency chmod 644 %{buildroot}%{_datadir}/getopt/getopt*.tcsh # Following files we don't want to package, so remove them 
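Review bot: In the `@@ -370` hunk, `$RPM_SOURCE_DIR%{_sysconfdir}.raw` looks like a search-and-replace of `/etc` that hit a source file name: the file being installed is the package source `etc.raw`, not a path under the system configuration directory. It only resolves while `%{_sysconfdir}` expands to exactly `/etc`. Keep the literal name on the source side, `install -m 644 $RPM_SOURCE_DIR/etc.raw %{buildroot}%{_sysconfdir}/raw`.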
@@ -445,12 +457,12 @@ ln -sf ../..%{_sysconfdir}/init.d/uuidd %{buildroot}%{_sbindir}/rcuuidd %if 0%{?suse_version} <= 1130 %run_permissions %else -%set_permissions /usr/bin/wall /usr/bin/write /usr/bin/mount /usr/bin/umount +%set_permissions %{_bindir}/wall %{_bindir}/write %{_bindir}/mount %{_bindir}/umount %if %{with sysvinit_tools} -%set_permissions /usr/bin/su +%set_permissions %{_bindir}/su %endif %if %{with enable_eject} -%set_permissions /usr/bin/eject +%set_permissions %{_bindir}/eject %endif %endif @@ -464,12 +476,12 @@ fi %{insserv_cleanup} %verifyscript -%verify_permissions -e /usr/bin/wall -e /usr/bin/write -e /usr/bin/mount -e /usr/bin/umount +%verify_permissions -e %{_bindir}/wall -e %{_bindir}/write -e %{_bindir}/mount -e %{_bindir}/umount %if %{with sysvinit_tools} -%verify_permissions -e /usr/bin/su +%verify_permissions -e %{_bindir}/su %endif %if %{with enable_eject} -%verify_permissions -e /usr/bin/eject +%verify_permissions -e %{_bindir}/eject %endif %post -n libblkid1 -p /sbin/ldconfig @@ -481,8 +493,8 @@ fi %postun -n libmount1 -p /sbin/ldconfig %pre -n uuidd -/usr/sbin/groupadd -r uuidd 2>/dev/null || : -/usr/sbin/useradd -r -g uuidd -c "User for uuidd" \ +%{_sbindir}/groupadd -r uuidd 2>/dev/null || : +%{_sbindir}/useradd -r -g uuidd -c "User for uuidd" \ -d /var/run/uuidd uuidd 2>/dev/null || : %preun -n uuidd @@ -493,7 +505,7 @@ fi %if 0%{?suse_version} <= 1130 %run_permissions %else -%set_permissions /usr/sbin/uuidd +%set_permissions %{_sbindir}/uuidd %endif %postun -n uuidd @@ -505,7 +517,7 @@ fi %postun -n libuuid1 -p /sbin/ldconfig %verifyscript -n uuidd -%verify_permissions -e /usr/sbin/uuidd +%verify_permissions -e %{_sbindir}/uuidd %files lang -f %{name}.lang 
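Review bot: `%set_permissions %{_bindir}/su` in this hunk, and `%verify_permissions -e %{_bindir}/su` in the `%verifyscript` hunk that follows, stay guarded by `%{with sysvinit_tools}`, while this commit installs and packages the su PAM and defaults files under `%{with enable_su}`. If the two conditionals can differ (their definitions are outside the visible hunks), su could be shipped without its permissions being set or verified. Guarding both lines with `%if %{with enable_su}` would tie the permission handling to the same switch as the files.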
@@ -530,8 +542,13 @@ fi %config(noreplace) %attr(644,root,root) %{_sysconfdir}/raw %config(noreplace) %{_sysconfdir}/filesystems %config(noreplace) %{_sysconfdir}/blkid.conf -%config(noreplace) /etc/pam.d/login -%config(noreplace) /etc/pam.d/remote +%config(noreplace) %{_sysconfdir}/pam.d/login +%config(noreplace) %{_sysconfdir}/pam.d/remote +%if %{with enable_su} +%config(noreplace) %{_sysconfdir}/pam.d/su +%config(noreplace) %{_sysconfdir}/pam.d/su-l +%config(noreplace) %{_sysconfdir}/default/su +%endif #UsrMerge %if %{with enable_su} /bin/kill