emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* NEWS, src/login.c: Do not trust the current utmp entry's ut_line

Browse Source 
to set PAM_TTY.
This commit is contained in:
nekral-guest 2009-04-17 20:40:26 +00:00
parent c49371e423
commit 5298ac3dd9
3 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@ -1,17 +1,22 @@
2009-04-17 Paul Szabo <psz@maths.usyd.edu.au>
* NEWS, src/login.c: Do not trust the current utmp entry's ut_line
to set PAM_TTY.
2009-04-15 Nicolas François <nicolas.francois@centraliens.net> 2009-04-15 Nicolas François <nicolas.francois@centraliens.net>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated. * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files. * po/*.po, man/po/*.po: Updated PO files.
* configure.in: Updated version number. * configure.in: Updated version number.
2009-04-15 Peter Vrabec <pvrabec@redhat.com> 2009-04-15 Peter Vrabec <pvrabec@redhat.com>
* NEWS, src/userdel.c: Fixed SE Linux support. semanage should be * NEWS, src/userdel.c: Fixed SE Linux support. semanage should be
called at the end. called at the end.
* src/useradd.c: Always call selinux_update_mapping() (i.e. * src/useradd.c: Always call selinux_update_mapping() (i.e.
semanage), not only when -Z is used. semanage), not only when -Z is used.
2009-04-15 Peter Vrabec <pvrabec@redhat.com> 2009-04-15 Peter Vrabec <pvrabec@redhat.com>
* NEWS, srclib/getlong.c: Fix parsing of octal numbers. * NEWS, srclib/getlong.c: Fix parsing of octal numbers.

6
NEWS
View File

@ -1,5 +1,11 @@
$Id$ $Id$
shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
- login
* Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
lead to DOS attacks.
shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15 shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15
*** security: *** security:

13
src/login.c
View File

@ -416,6 +416,7 @@ static RETSIGTYPE alarm_handler (unused int sig)
*/ */
int main (int argc, char **argv) int main (int argc, char **argv)
{ {
const char *tmptty;
char tty[BUFSIZ]; char tty[BUFSIZ];
#ifdef RLOGIN #ifdef RLOGIN
@ -479,7 +480,13 @@ int main (int argc, char **argv)
* entry (will not overwrite remote hostname). --marekm * entry (will not overwrite remote hostname). --marekm
*/ */
checkutmp (!amroot); checkutmp (!amroot);
STRFCPY (tty, utent.ut_line);
tmptty = ttyname (0);
if (NULL == tmptty) {
tmptty = "UNKNOWN";
}
STRFCPY (tty, tmptty);
#ifndef USE_PAM #ifndef USE_PAM
is_console = console (tty); is_console = console (tty);
#endif #endif
@ -1093,7 +1100,7 @@ int main (int argc, char **argv)
#ifndef USE_PAM /* pam_lastlog handles this */ #ifndef USE_PAM /* pam_lastlog handles this */
if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */ if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */
dolastlog (&lastlog, &pwent, utent.ut_line, hostname); dolastlog (&lastlog, &pwent, tty, hostname);
} }
#endif #endif
@ -1147,7 +1154,7 @@ int main (int argc, char **argv)
if (getppid() == 1) { if (getppid() == 1) {
setsid(); setsid();
if (ioctl(0, TIOCSCTTY, 1) != 0) { if (ioctl(0, TIOCSCTTY, 1) != 0) {
fprintf (stderr,_("TIOCSCTTY failed on %s"),tty); fprintf (stderr, _("TIOCSCTTY failed on %s"), tty);
} }
} }