3
0
forked from pool/util-linux
Dr. Werner Fink 2013-06-06 09:42:28 +00:00 committed by Git OBS Bridge
parent 183f945ed4
commit 78ca94ad29
6 changed files with 214 additions and 21 deletions

View File

@ -0,0 +1,143 @@
--- util-linux-2.23.1/login-utils/su-common.c
+++ util-linux-2.23.1/login-utils/su-common.c 2013-06-06 08:46:59.575872090 +0000
@@ -473,6 +473,117 @@ set_path(const struct passwd* pw)
err (EXIT_FAILURE, _("failed to set PATH"));
}
+/* Add or clear /sbin and /usr/sbin for the su command
+ used without `-'. */
+
+/* Set if /sbin is found in path. */
+#define SBIN_MASK 0x01
+/* Set if /usr/sbin is found in path. */
+#define USBIN_MASK 0x02
+
+static char *
+addsbin (const char *const path)
+{
+ unsigned char smask = 0;
+ char *ptr, *tmp, *cur, *ret = NULL;
+ size_t len;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = xstrdup (path);
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ smask |= SBIN_MASK;
+ if (!strcmp (ptr, "/usr/sbin"))
+ smask |= USBIN_MASK;
+ }
+
+ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
+ {
+ free (tmp);
+ return NULL;
+ }
+
+ len = strlen (path);
+ if (!(smask & USBIN_MASK))
+ len += strlen ("/usr/sbin:");
+
+ if (!(smask & SBIN_MASK))
+ len += strlen (":/sbin");
+
+ ret = xmalloc (len + 1);
+ strcpy (tmp, path);
+
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "."))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
+ {
+ strcat (ret, "/usr/sbin:");
+ strcat (ret, ptr);
+ smask |= USBIN_MASK;
+ continue;
+ }
+ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
+ {
+ strcat (ret, ptr);
+ strcat (ret, ":/sbin");
+ smask |= SBIN_MASK;
+ continue;
+ }
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ if (!(smask & USBIN_MASK))
+ strcat (ret, ":/usr/sbin");
+
+ if (!(smask & SBIN_MASK))
+ strcat (ret, ":/sbin");
+
+ return ret;
+}
+
+static char *
+clearsbin (const char *const path)
+{
+ char *ptr, *tmp, *cur, *ret = NULL;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = strdup (path);
+ if (!tmp)
+ return NULL;
+
+ ret = xmalloc (strlen (path) + 1);
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/local/sbin"))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ return ret;
+}
+
/* Update `environ' for the new shell based on PW, with SHELL being
the value for the SHELL environment variable. */
@@ -508,6 +619,22 @@ modify_environment (const struct passwd
xsetenv ("SHELL", shell, 1);
if (getlogindefs_bool ("ALWAYS_SET_PATH", 0))
set_path(pw);
+ else
+ {
+ char const *path = getenv ("PATH");
+ char *new = NULL;
+
+ if (pw->pw_uid)
+ new = clearsbin (path);
+ else
+ new = addsbin (path);
+
+ if (new)
+ {
+ xsetenv ("PATH", new, 1);
+ free (new);
+ }
+ }
if (pw->pw_uid)
{

11
su.default Normal file
View File

@ -0,0 +1,11 @@
# Per default, only "su -" will set a new PATH.
# If this variable is changed to "yes" (default is "no"),
# every su call will overwrite the PATH variable.
ALWAYS_SET_PATH=no
# Default path.
PATH=/usr/local/bin:/bin:/usr/bin
# Default path for a user invoking su to root.
SUPATH=/usr/sbin:/bin:/usr/bin:/sbin

8
su.pamd Normal file
View File

@ -0,0 +1,8 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth include common-auth
account sufficient pam_rootok.so
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so

View File

@ -4,4 +4,10 @@ addFilter("incoherent-init-script-name raw")
addFilter("no-reload-entry /etc/init.d/raw") addFilter("no-reload-entry /etc/init.d/raw")
# There is no egrep(1) used -> False positive # There is no egrep(1) used -> False positive
addFilter("deprecated-grep") addFilter("deprecated-grep")
# Both pam configs for su and su-l are marked as noreplace
addFilter(".*W:.*files-duplicate.*/pam/su.*/pam.d/su-l.*")
# Useless warning as the /usr/bin variants are known
addFilter(".*W:.*permissions-symlink.*/bin/su.*")
addFilter(".*W:.*permissions-symlink.*/bin/umount.*")
addFilter(".*W:.*permissions-symlink.*/bin/mount.*")

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Jun 6 08:27:43 UTC 2013 - werner@suse.de
- Add make-sure-sbin-resp-usr-sbin-are-in-PATH.diff, that is include
the old "let `su' handle /sbin and /usr/sbin in path"
- Provide the new eject utility to avoid file conflict with old
eject package
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 5 12:30:45 UTC 2013 - werner@suse.de Wed Jun 5 12:30:45 UTC 2013 - werner@suse.de

View File

@ -70,8 +70,10 @@ Source6: etc_filesystems
Source7: baselibs.conf Source7: baselibs.conf
Source8: login.pamd Source8: login.pamd
Source9: remote.pamd Source9: remote.pamd
Source10: su.pamd
Source11: su.default
# TODO: split to separate package # TODO: split to separate package
Source11: klogconsole.tar.bz2 Source40: klogconsole.tar.bz2
# XXX: Run a program in a new session and with controlling tty # XXX: Run a program in a new session and with controlling tty
Source22: setctsid.c Source22: setctsid.c
Source23: setctsid.8 Source23: setctsid.8
@ -91,6 +93,8 @@ Source51: blkid.conf
Patch1: util-linux-2.23.1-fdisk_remove_bogus_warnings.patch Patch1: util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
Patch2: util-linux-2.23.1-eject-fpie.patch Patch2: util-linux-2.23.1-eject-fpie.patch
Patch3: fdisk-tinfo.patch Patch3: fdisk-tinfo.patch
# PATCH-EXTEND-UPSTREAM: Let `su' handle /sbin and /usr/sbin in path
Patch4: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
# disable encryption # disable encryption
Patch12: util-linux-2.23.1-noenc-suse.diff Patch12: util-linux-2.23.1-noenc-suse.diff
@ -112,12 +116,14 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %insserv_prereq %fillup_prereq /bin/sed PreReq: %insserv_prereq %fillup_prereq /bin/sed
# #
Provides: base = %{version}-%{release} Provides: base = %{version}-%{release}
Provides: eject = %{version}-%{release}
Provides: login = 4.0-33.7 Provides: login = 4.0-33.7
Provides: raw = %{version}-%{release} Provides: raw = %{version}-%{release}
Provides: rawio = %{version}-%{release} Provides: rawio = %{version}-%{release}
Provides: util = %{version}-%{release} Provides: util = %{version}-%{release}
Provides: uuid-runtime = %{version}-%{release} Provides: uuid-runtime = %{version}-%{release}
Obsoletes: base < %{version}-%{release} Obsoletes: base < %{version}-%{release}
Obsoletes: eject < %{version}-%{release}
Obsoletes: login < 4.0-33.7 Obsoletes: login < 4.0-33.7
Obsoletes: raw < %{version}-%{release} Obsoletes: raw < %{version}-%{release}
Obsoletes: rawio < %{version}-%{release} Obsoletes: rawio < %{version}-%{release}
@ -199,10 +205,11 @@ Files to develop applications using the libmount library.
%lang_package %lang_package
%prep %prep
%setup -q -n %{name}-%{version} -b 11 %setup -q -n %{name}-%{version} -b 40
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
%patch12 -p1 %patch12 -p1
# #
%patch20 -p1 %patch20 -p1
@ -231,7 +238,7 @@ make %{?_smp_mflags} setctsid CFLAGS="%{optflags}" CC="%{__cc}"
# #
# Version check for libutempter # Version check for libutempter
# #
uhead=$(find /usr/include -name utempter.h 2>/dev/null) uhead=$(find %_includedir -name utempter.h 2>/dev/null)
if test -n "$uhead" && grep -q utempter_add_record "$uhead" if test -n "$uhead" && grep -q utempter_add_record "$uhead"
then then
uhead=--with-utempter uhead=--with-utempter
@ -293,13 +300,18 @@ make %{?_smp_mflags}
%{__cc} -fwhole-program %{optflags} -o chrp-addnote %{SOURCE31} %{__cc} -fwhole-program %{optflags} -o chrp-addnote %{SOURCE31}
%install %install
mkdir -p %{buildroot}{/etc/init.d,/etc/pam.d,%{_mandir}/man{1,8},/bin,/sbin,/usr/bin,/usr/sbin,%{_infodir}} mkdir -p %{buildroot}{%{_sysconfdir}/{init.d,pam.d,default},%{_mandir}/man{1,8},/bin,/sbin,%{_bindir},%{_sbindir},%{_infodir}}
mkdir -p %{buildroot}%{_localstatedir}/lib/libuuid/ mkdir -p %{buildroot}%{_localstatedir}/lib/libuuid/
mkdir -p %{buildroot}%{_localstatedir}/run/uuidd/ mkdir -p %{buildroot}%{_localstatedir}/run/uuidd/
install -m 744 %{SOURCE50} %{buildroot}%{_initddir}/uuidd install -m 744 %{SOURCE50} %{buildroot}%{_initddir}/uuidd
install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf
install -m 644 %{SOURCE8} %{buildroot}/etc/pam.d/login install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/login
install -m 644 %{SOURCE9} %{buildroot}/etc/pam.d/remote install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/remote
%if %{with enable_su}
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su-l
install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su
%endif
mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates
pushd ../klogconsole pushd ../klogconsole
# klogconsole install # klogconsole install
@ -370,9 +382,9 @@ install -m 444 setctsid.8 %{buildroot}%{_mandir}/man8/
echo -e "#! /bin/bash\n/sbin/blockdev --flushbufs \$1" > %{buildroot}%{_sbindir}/flushb echo -e "#! /bin/bash\n/sbin/blockdev --flushbufs \$1" > %{buildroot}%{_sbindir}/flushb
chmod 755 %{buildroot}%{_sbindir}/flushb chmod 755 %{buildroot}%{_sbindir}/flushb
# Install scripts to configure raw devices at boot time # Install scripts to configure raw devices at boot time
install -m 644 $RPM_SOURCE_DIR/etc.raw %{buildroot}%{_sysconfdir}/raw install -m 644 $RPM_SOURCE_DIR%{_sysconfdir}.raw %{buildroot}%{_sysconfdir}/raw
install -m 755 $RPM_SOURCE_DIR/raw.init %{buildroot}%{_initddir}/raw install -m 755 $RPM_SOURCE_DIR/raw.init %{buildroot}%{_initddir}/raw
ln -sf ../../etc/init.d/raw %{buildroot}%{_sbindir}/rcraw ln -sf ../..%{_sysconfdir}/init.d/raw %{buildroot}%{_sbindir}/rcraw
# Stupid hack so we don't have a tcsh dependency # Stupid hack so we don't have a tcsh dependency
chmod 644 %{buildroot}%{_datadir}/getopt/getopt*.tcsh chmod 644 %{buildroot}%{_datadir}/getopt/getopt*.tcsh
# Following files we don't want to package, so remove them # Following files we don't want to package, so remove them
@ -445,12 +457,12 @@ ln -sf ../..%{_sysconfdir}/init.d/uuidd %{buildroot}%{_sbindir}/rcuuidd
%if 0%{?suse_version} <= 1130 %if 0%{?suse_version} <= 1130
%run_permissions %run_permissions
%else %else
%set_permissions /usr/bin/wall /usr/bin/write /usr/bin/mount /usr/bin/umount %set_permissions %{_bindir}/wall %{_bindir}/write %{_bindir}/mount %{_bindir}/umount
%if %{with sysvinit_tools} %if %{with sysvinit_tools}
%set_permissions /usr/bin/su %set_permissions %{_bindir}/su
%endif %endif
%if %{with enable_eject} %if %{with enable_eject}
%set_permissions /usr/bin/eject %set_permissions %{_bindir}/eject
%endif %endif
%endif %endif
@ -464,12 +476,12 @@ fi
%{insserv_cleanup} %{insserv_cleanup}
%verifyscript %verifyscript
%verify_permissions -e /usr/bin/wall -e /usr/bin/write -e /usr/bin/mount -e /usr/bin/umount %verify_permissions -e %{_bindir}/wall -e %{_bindir}/write -e %{_bindir}/mount -e %{_bindir}/umount
%if %{with sysvinit_tools} %if %{with sysvinit_tools}
%verify_permissions -e /usr/bin/su %verify_permissions -e %{_bindir}/su
%endif %endif
%if %{with enable_eject} %if %{with enable_eject}
%verify_permissions -e /usr/bin/eject %verify_permissions -e %{_bindir}/eject
%endif %endif
%post -n libblkid1 -p /sbin/ldconfig %post -n libblkid1 -p /sbin/ldconfig
@ -481,8 +493,8 @@ fi
%postun -n libmount1 -p /sbin/ldconfig %postun -n libmount1 -p /sbin/ldconfig
%pre -n uuidd %pre -n uuidd
/usr/sbin/groupadd -r uuidd 2>/dev/null || : %{_sbindir}/groupadd -r uuidd 2>/dev/null || :
/usr/sbin/useradd -r -g uuidd -c "User for uuidd" \ %{_sbindir}/useradd -r -g uuidd -c "User for uuidd" \
-d /var/run/uuidd uuidd 2>/dev/null || : -d /var/run/uuidd uuidd 2>/dev/null || :
%preun -n uuidd %preun -n uuidd
@ -493,7 +505,7 @@ fi
%if 0%{?suse_version} <= 1130 %if 0%{?suse_version} <= 1130
%run_permissions %run_permissions
%else %else
%set_permissions /usr/sbin/uuidd %set_permissions %{_sbindir}/uuidd
%endif %endif
%postun -n uuidd %postun -n uuidd
@ -505,7 +517,7 @@ fi
%postun -n libuuid1 -p /sbin/ldconfig %postun -n libuuid1 -p /sbin/ldconfig
%verifyscript -n uuidd %verifyscript -n uuidd
%verify_permissions -e /usr/sbin/uuidd %verify_permissions -e %{_sbindir}/uuidd
%files lang -f %{name}.lang %files lang -f %{name}.lang
@ -530,8 +542,13 @@ fi
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/raw %config(noreplace) %attr(644,root,root) %{_sysconfdir}/raw
%config(noreplace) %{_sysconfdir}/filesystems %config(noreplace) %{_sysconfdir}/filesystems
%config(noreplace) %{_sysconfdir}/blkid.conf %config(noreplace) %{_sysconfdir}/blkid.conf
%config(noreplace) /etc/pam.d/login %config(noreplace) %{_sysconfdir}/pam.d/login
%config(noreplace) /etc/pam.d/remote %config(noreplace) %{_sysconfdir}/pam.d/remote
%if %{with enable_su}
%config(noreplace) %{_sysconfdir}/pam.d/su
%config(noreplace) %{_sysconfdir}/pam.d/su-l
%config(noreplace) %{_sysconfdir}/default/su
%endif
#UsrMerge #UsrMerge
%if %{with enable_su} %if %{with enable_su}
/bin/kill /bin/kill