Commit Graph

2231 Commits

Author SHA1 Message Date
Serge Hallyn
8e51ec9ee4 Merge pull request #72 from stoeckmann/su-regression
Reset pid_child only if waitpid was successful.
2017-05-14 11:41:40 -05:00
Tobias Stoeckmann
7d82f203ee Reset pid_child only if waitpid was successful.
Do not reset the pid_child to 0 if the child process is still
running. This else-condition can be reached with pid being -1,
therefore explicitly test this condition.

This is a regression fix for CVE-2017-2616. If su receives a
signal like SIGTERM, it is not propagated to the child.

Reported-by: Radu Duta <raduduta@gmail.com>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2017-05-14 17:58:10 +02:00
Serge Hallyn
c07711de1d Merge pull request #71 from lamby/sp_lstchg-reproducible-857803
Make the sp_lstchg shadow field reproducible.
2017-04-19 17:11:32 -05:00
Chris Lamb
cb610d54b4 Make the sp_lstchg shadow field reproducible.
The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

   username:17238:0:99999:7:::

whilst creating the same user tomorrow will result in:

    username:17239:0:99999:7:::

This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements the build environment as possible,
including the current date.

This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.

 [0] https://reproducible-builds.org/
 [1] https://reproducible-builds.org/specs/source-date-epoch/

Signed-off-by: Chris Lamb <lamby@debian.org>
2017-04-10 22:29:21 +01:00
Serge Hallyn
2f36da5201 Merge pull request #70 from t8m/master
Fix buffer overflow if NULL line is present in db.
2017-04-01 15:46:05 -05:00
Tomas Mraz
954e3d2e71 Fix buffer overflow if NULL line is present in db.
If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
2017-03-31 16:25:06 +02:00
Serge Hallyn
830ae266c4 Merge pull request #68 from yurayko/master
updated russian translation
2017-03-27 08:24:40 -05:00
Serge Hallyn
6eae751e70 user_busy: fix missing close of subuid file on error
Closes #69

Reported-by: plenkow
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-03-23 17:07:46 -05:00
Yuri Kozlov
f0e0c35f2b Merge branch 'master' of https://github.com/yurayko/shadow 2017-03-18 10:42:12 +03:00
Yuri Kozlov
dc8253450d updated russian translation 2017-03-18 10:41:13 +03:00
yurayko
8d28d8cca0 Update ru.po 2017-03-18 11:27:34 +04:00
yurayko
274afc2c61 Update ru.po 2017-03-18 11:17:56 +04:00
Yuri Kozlov
5717fe9ca8 updated russian translation 2017-03-05 11:17:27 +03:00
fariouche
b6b2c756c9 add --prefix option 2017-03-01 22:51:09 +01:00
Serge Hallyn
db57db52cf changelog for last commit 2017-02-23 13:44:27 -06:00
Tobias Stoeckmann
08fd4b69e8 su: properly clear child PID
If su is compiled with PAM support, it is possible for any local user
to send SIGKILL to other processes with root privileges. There are
only two conditions. First, the user must be able to perform su with
a successful login. This does NOT have to be the root user, even using
su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
can only be sent to processes which were executed after the su process.
It is not possible to send SIGKILL to processes which were already
running. I consider this as a security vulnerability, because I was
able to write a proof of concept which unlocked a screen saver of
another user this way.
2017-02-23 09:47:29 -06:00
Serge Hallyn
24130c882d Merge pull request #67 from AdamMajer/upstream
Print error on exec failure + cosmetic changes
2017-02-21 14:37:42 -06:00
Adam Majer
759f94e17a Remove extra parenthesis 2017-02-20 14:50:30 +01:00
Adam Majer
90c0525c7e Remove unnecessary static variable usage 2017-02-20 14:48:55 +01:00
Josef Möllers
5ac4918bdd Add error handling in case exec fails
We should print error message if exec fails, for some reason.
2017-02-20 14:32:37 +01:00
Serge Hallyn
3f9af9deb9 Update changelog 2017-02-11 09:03:56 -06:00
David Michael
c6b0664f52 useradd: Read defaults after changing root directories
This reverts the behavior of "useradd --root" to using the settings
from login.defs in the target root directory, not the root of the
executed useradd command.
2017-02-11 08:59:49 -06:00
Josef Moellers
e36c0a418a Deleted a misplaced semicolon. 2017-02-11 08:55:07 -06:00
Baurzhan Muftakhidinov
efc8c61f75 Update Kazakh translation
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-02-08 16:40:53 -06:00
Serge Hallyn
44c690cd9a Merge pull request #59 from rbalint/master
Patches from the Debian BTS
2017-02-04 20:27:17 -06:00
Serge Hallyn
f84a88a824 Update changelog 2017-01-29 14:49:03 -06:00
Bernhard Rosenkränzer
c33ceddc26 Don't crash on bogus keys in login.defs if PAM is enabled
Without this patch, PAM enabled builds crash when encountering an
invalid key in login.defs or key overrides because of array overflows

To reproduce, simply
	useradd -K Windows=broken

Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:47:24 -06:00
Jakub Wilk
6a750c7a50 zh_TW.po: Remove duplicated Plural-Forms
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:42:35 -06:00
Serge Hallyn
f288c4fcef Changelog for last commit 2017-01-29 14:38:44 -06:00
Tomas Mraz
ee9e506af2 Make the group and user allocation more effective.
Previously, the allocation was optimized for an outdated
deployment style (that of /etc/group alongside nss_db). The issue
here is that this results in extremely poor performance when using
SSSD, Winbind or nss_ldap.

There were actually two serious bugs here that have been addressed:

1) Running getgrent() loops won't work in most SSSD or Winbind
environments, as full group enumeration is disabled by default.
This could easily result in auto-allocating a group that was
already in use. (This might result in a security issue as well, if
the shared GID is a privileged group).

2) For system groups, the loop was always iterating through the
complete SYS_GID_MIN->SYS_GID_MAX range. On SSSD and Winbind, this
means hundreds of round-trips to LDAP (unless the GIDs were
specifically configured to be ignored by the SSSD or winbindd).
To a user with a slow connection to their LDAP server, this would
appear as if groupadd -r was hung. (Though it would eventually
complete).

This patch changes the algorithm to be more favorable for LDAP
environments, at the expense of some performance when using nss_db.
Given that the DB is a local service, this should have a negligible
effect from a user's perspective.

With the new algorithm, we simply first iterate through all entries
in the local database with gr_next(), recording the IDs that are in
use. We then start from the highest presumed-available entry and
call getgrgid() to see if it is available. We continue this until
we come to the first unused GID. We then select that and return it.

If we make it through all the remaining IDs without finding a free
one, we start over from the beginning of the range and try to find
room in one of the gaps in the range.

The patch was originally written by Stephen Gallagher and applied
identically also to the user allocation by Tomáš Mráz.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:37:21 -06:00
Lars Bahner
8a122a90fa Fix some spelling issues in the Norwegian translation 2017-01-19 18:44:54 +01:00
Thomas Blein
45f141ce69 French manpage translation 2017-01-19 17:39:42 +01:00
Holger Wansing
a9824dc6a3 Update for German man pages 2017-01-19 17:36:55 +01:00
Miroslav Kuře
84228eaeda Updated Czech translation 2017-01-19 17:26:22 +01:00
Frans Spiesschaert
c739407f92 Dutch translation update 2017-01-19 17:15:11 +01:00
Micah Anderson
578d495f91 Last bits of enabling subuids
This patch has been carried by Debian, originally
submitted to BTS in #739981
2017-01-18 18:06:05 +01:00
Simon Kainz
bdd68116b7 Typos fix in german translation of man pages
Reported to Debian BTS in #734609
2017-01-18 17:24:44 +01:00
Balint Reczey
c8508fabd0 Replace user´s -> user's to make login.def files valid ASCII instead of UTF-8
The Unicode character caused issues in LANG=C environment.
See Debian bug #850338 for details.
2017-01-18 16:54:51 +01:00
Serge Hallyn
36bc770ed4 Update changelog 2016-12-21 12:58:05 -06:00
Serge Hallyn
5701e147ef Update _COMMONIO_H and _SHADOWIO_H to drop leading underscore
Closes #23

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2016-12-21 12:45:50 -06:00
Serge Hallyn
5fc99f02cf Merge pull request #58 from juiceme/master
shadow: Add auditing support to su
2016-12-21 12:41:39 -06:00
Serge Hallyn
411f540590 Fix s/from/to/ in usermod.c error message
Closes #49

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2016-12-21 12:40:08 -06:00
Michael Vetter
b2bd56a012 Reset user in tallylog
The useradd application resets the user data in /var/log/faillog, if it
exists and a new user is created.

pam_tally2 is used in many distributions.

Check for /var/log/tallylog and reset the user there.

Patch was written by Josef Moellers <jmoellers@suse.de>.

https://bugzilla.suse.com/show_bug.cgi?id=980486
2016-12-21 12:36:11 -06:00
Jussi Ohenoja
a3bf32fe87 shadow: Add auditing support to su
This patch extends the auditing feature used in login to su.

Signed-off-by: Jussi Ohenoja <jussi.ohenoja@nokia.com>
2016-12-13 18:44:19 +02:00
Serge Hallyn
9e93c984f7 Merge pull request #17 from wking/includes-to-am-cppflags
*/Makefile.am: Replace INCLUDES with AM_CPPFLAGS
2016-12-07 00:01:54 -06:00
Serge Hallyn
d7ce9430ca Revert "Add files via upload"
This has caused build errors.  Please feel free to re-submit.

This reverts commit 93e3044c6d.
2016-12-06 23:31:58 -06:00
Serge Hallyn
0fb53623a5 Merge pull request #55 from glensc/travis2
enable travis integration
2016-12-06 23:27:19 -06:00
Serge Hallyn
9ad34243aa Merge pull request #52 from vapier/master
autotools refresh
2016-12-06 23:24:42 -06:00
Serge Hallyn
06f719e501 Merge pull request #53 from vapier/prototypes
include getdef.h for getdef_bool prototype
2016-12-06 23:23:17 -06:00
Elan Ruusamäe
f439149cb3 run travis 2016-12-06 01:09:17 +02:00