Commit Graph

2211 Commits

Author SHA1 Message Date
Josh Soref
f8d4b66edd spelling: better 2017-10-22 08:05:08 +00:00
Josh Soref
483de7d614 spelling: beginning 2017-10-22 08:04:51 +00:00
Josh Soref
a95ed40bf0 spelling: available 2017-10-22 08:02:00 +00:00
Josh Soref
686efcfcb1 spelling: attributes 2017-10-22 07:59:41 +00:00
Josh Soref
bd6f2760a3 spelling: at the 2017-10-22 08:00:59 +00:00
Josh Soref
15631009b4 spelling: applied 2017-10-22 07:57:56 +00:00
Josh Soref
8eb822ebf3 spelling: anonymous 2017-10-22 07:56:49 +00:00
Josh Soref
aa95b1b763 spelling: always 2017-10-22 07:56:16 +00:00
Josh Soref
92e3a5e386 spelling: allowed 2017-10-22 07:56:05 +00:00
Josh Soref
4c22dcfbfd spelling: address 2017-10-22 07:55:43 +00:00
Josh Soref
4f459198db spelling: account 2017-10-22 07:52:04 +00:00
Serge Hallyn
056f7352ef Merge pull request #86 from WheresAlice/master
Make language more inclusive
2017-10-06 17:47:31 -05:00
Serge Hallyn
0c2939b331 Merge pull request #82 from t8m/ingroup
newgrp: avoid unnecessary group lookups
2017-10-06 17:45:31 -05:00
Serge Hallyn
68e3d685fd Merge pull request #84 from jubalh/mentionman
Add note about conditional man pages
2017-10-06 17:43:47 -05:00
Serge Hallyn
0209d3f185 Merge pull request #85 from jubalh/nosilent
Add warning when turning off man switch
2017-09-29 10:08:47 -05:00
Michael Vetter
ef6890c31d Add error when turning off man switch
Print a warning and abort in case xsltproc is missing.
2017-09-29 11:01:39 +02:00
WheresAlice
1e98b3b559 Make language less binary 2017-09-20 17:00:29 +01:00
Michael Vetter
223238d265 Add note about conditional man pages
Closes https://github.com/shadow-maint/shadow/issues/83
2017-09-08 22:14:17 +02:00
Tomas Mraz
33f1f69e9c newgrp: avoid unnecessary group lookups
In case a system uses remote identity server (LDAP) the group lookup
can be very slow. We avoid it when we already know the user has the
group membership.
2017-08-14 11:38:46 +02:00
Serge Hallyn
fb04f2723a nl.po: fix some missing newlines
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-07-16 17:09:00 -05:00
Serge Hallyn
78d4265f65 Import new Dutch translations.
Thanks to Frans Spiesschaert.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-07-16 16:46:21 -05:00
Serge Hallyn
c2aed5345e update changelog for last commit 2017-07-10 21:52:02 -05:00
sbts
2392894eb0 add error constant names to groupmod.8.xml This assists someone wanting to work out what may have caused the error 2017-07-10 21:50:49 -05:00
sbts
59fa2c0763 implement and document additional error codes for groupmod add E_CLEANUP_SERVICE, E_PAM_USERNAME, E_PAM_ERROR to groupmod.c and groupmod.8.xml 2017-07-10 21:50:49 -05:00
Serge Hallyn
7081b2df85 Merge pull request #74 from AdamMajer/upstream
support dynamically added users via pam_group
2017-06-15 22:41:25 -05:00
Serge Hallyn
1f34221552 Merge pull request #76 from edmorley/fix-changelog-dates
Correct wrong year in ChangeLog dates
2017-06-15 22:38:01 -05:00
Ed Morley
c43681a068 Correct wrong year in ChangeLog dates
The recently added entries were actually for 2017.
2017-06-15 14:34:46 +01:00
Adam Majer
992fab50ee support dynamically added users via pam_group
Dynamically added users via pam_group are not listed in groups
databases but are still valid.
2017-05-22 13:42:35 +02:00
Serge Hallyn
15be89f89d release 4.5 2017-05-17 14:33:02 -05:00
Serge Hallyn
d2902c8d3b update Changelog 2017-05-17 14:27:48 -05:00
Serge Hallyn
8e51ec9ee4 Merge pull request #72 from stoeckmann/su-regression
Reset pid_child only if waitpid was successful.
2017-05-14 11:41:40 -05:00
Tobias Stoeckmann
7d82f203ee Reset pid_child only if waitpid was successful.
Do not reset the pid_child to 0 if the child process is still
running. This else-condition can be reached with pid being -1,
therefore explicitly test this condition.

This is a regression fix for CVE-2017-2616. If su receives a
signal like SIGTERM, it is not propagated to the child.

Reported-by: Radu Duta <raduduta@gmail.com>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2017-05-14 17:58:10 +02:00
Serge Hallyn
c07711de1d Merge pull request #71 from lamby/sp_lstchg-reproducible-857803
Make the sp_lstchg shadow field reproducible.
2017-04-19 17:11:32 -05:00
Chris Lamb
cb610d54b4 Make the sp_lstchg shadow field reproducible.
The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

   username:17238:0:99999:7:::

whilst creating the same user tomorrow will result in:

    username:17239:0:99999:7:::

This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements the build environment as possible,
including the current date.

This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.

 [0] https://reproducible-builds.org/
 [1] https://reproducible-builds.org/specs/source-date-epoch/

Signed-off-by: Chris Lamb <lamby@debian.org>
2017-04-10 22:29:21 +01:00
Serge Hallyn
2f36da5201 Merge pull request #70 from t8m/master
Fix buffer overflow if NULL line is present in db.
2017-04-01 15:46:05 -05:00
Tomas Mraz
954e3d2e71 Fix buffer overflow if NULL line is present in db.
If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
2017-03-31 16:25:06 +02:00
Serge Hallyn
830ae266c4 Merge pull request #68 from yurayko/master
updated russian translation
2017-03-27 08:24:40 -05:00
Serge Hallyn
6eae751e70 user_busy: fix missing close of subuid file on error
Closes #69

Reported-by: plenkow
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-03-23 17:07:46 -05:00
Yuri Kozlov
f0e0c35f2b Merge branch 'master' of https://github.com/yurayko/shadow 2017-03-18 10:42:12 +03:00
Yuri Kozlov
dc8253450d updated russian translation 2017-03-18 10:41:13 +03:00
yurayko
8d28d8cca0 Update ru.po 2017-03-18 11:27:34 +04:00
yurayko
274afc2c61 Update ru.po 2017-03-18 11:17:56 +04:00
Yuri Kozlov
5717fe9ca8 updated russian translation 2017-03-05 11:17:27 +03:00
fariouche
b6b2c756c9 add --prefix option 2017-03-01 22:51:09 +01:00
Serge Hallyn
db57db52cf changelog for last commit 2017-02-23 13:44:27 -06:00
Tobias Stoeckmann
08fd4b69e8 su: properly clear child PID
If su is compiled with PAM support, it is possible for any local user
to send SIGKILL to other processes with root privileges. There are
only two conditions. First, the user must be able to perform su with
a successful login. This does NOT have to be the root user, even using
su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
can only be sent to processes which were executed after the su process.
It is not possible to send SIGKILL to processes which were already
running. I consider this as a security vulnerability, because I was
able to write a proof of concept which unlocked a screen saver of
another user this way.
2017-02-23 09:47:29 -06:00
Serge Hallyn
24130c882d Merge pull request #67 from AdamMajer/upstream
Print error on exec failure + cosmetic changes
2017-02-21 14:37:42 -06:00
Adam Majer
759f94e17a Remove extra parenthesis 2017-02-20 14:50:30 +01:00
Adam Majer
90c0525c7e Remove unnecessary static variable usage 2017-02-20 14:48:55 +01:00
Josef Möllers
5ac4918bdd Add error handling in case exec fails
We should print error message if exec fails, for some reason.
2017-02-20 14:32:37 +01:00