emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* NEWS, libmisc/chowntty.c, libmisc/utmp.c: is_my_tty() moved from

Browse Source 
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
	entry if the pid matches and ut_line matches with the current tty.
	This fixes a possible DOS when entries can be forged in the utmp
	file.
	* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
	tty argument from chown_tty. chown_tty always changes stdin and
	does not need this argument anymore.
This commit is contained in:
nekral-guest
2008-11-22 23:56:11 +00:00
parent eb4097180b
commit a324a7f13f
5 changed files with 49 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@@ -2,6 +2,14 @@
* NEWS, libmisc/chowntty.c: Fix a race condition that could lead to
gaining ownership or changing mode of arbitrary files.
* NEWS, libmisc/chowntty.c, libmisc/utmp.c: is_my_tty() moved from
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
entry if the pid matches and ut_line matches with the current tty.
This fixes a possible DOS when entries can be forged in the utmp
file.
* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
tty argument from chown_tty. chown_tty always changes stdin and
does not need this argument anymore.
2008-10-11 Nicolas François <nicolas.francois@centraliens.net>