Commit Graph

2683 Commits

Author SHA1 Message Date
Serge Hallyn
abb879fd4f
Merge pull request #449 from hallyn/2021-11-27/libsubid-symbols
2021 11 27/libsubid symbols
2021-12-07 08:58:03 -06:00
KOSHIKAWA Kenichi
f7c2a54212 fixed typo in login.defs 2021-12-06 01:41:17 +09:00
Serge Hallyn
c628caf174
Merge pull request #408 from bjorn-fischer/ambient_caps
Add support for ambient capabilities
2021-12-05 08:05:06 -06:00
Björn Fischer
6938bab429 Call pam_end() after fork in child code path
This conforms to PAM documentation and it is needed to support
ambient capabilities with PAM + libcap-2.58+.

Signed-off-by: Björn Fischer <bf@CeBiTec.Uni-Bielefeld.DE>
2021-12-05 08:03:56 -06:00
Serge Hallyn
0c9f641408 Show libsubid api version in subid.h
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-12-05 08:02:57 -06:00
Serge Hallyn
19f08785f0
Merge pull request #231 from gjzkrug/useradd-maildir-fix
Removed hard-coded default mail spool in useradd
2021-12-04 22:26:51 -06:00
Serge Hallyn
535f54076c
Merge pull request #450 from lnussel/master
useradd: assume uid 0 == root as fallback
2021-12-04 22:21:37 -06:00
Serge Hallyn
445e97ba7c Update email address for Julie Haugh 2021-12-04 22:20:23 -06:00
Ludwig Nussel
d12d300c98 useradd: assume uid 0 == root as fallback
In absence of /etc/passwd, eg when bootstrapping a chroot, resolving
uid 0 to a name may not work. Therefore just assume "root".
2021-11-30 17:14:14 +01:00
Serge Hallyn
32f641b207 Change the subid export symbols
Rename libsubid symbols to all be prefixed with subid_.

Don't export anything but the subid_*.

Closes #443

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-11-27 14:56:03 -06:00
Serge Hallyn
9724147344 undo accidental autogen.sh commit: enable-shared
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-11-27 14:56:03 -06:00
Serge Hallyn
dce030ffb8
Merge pull request #447 from ikerexxe/documentation
README: update content and format
2021-11-27 09:37:19 -06:00
Iker Pedrosa
1654f42194 README: update content and format
* Change to markdown format
* Include an introduction
* Remove the commit mailing list from the contacts
* Add the IRC channel to the contacts
* Move 'S/Key' section to doc/README.skey
* Move authors and maintainers to AUTHORS.md

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-22 15:31:54 +01:00
Serge Hallyn
3ff3cd9c78
Merge pull request #440 from stoeckmann/vipw
Improve child error handling
2021-11-22 07:33:57 -06:00
Serge Hallyn
3a0160beb0
Merge pull request #446 from ikerexxe/spw_free
lib: check NULL before freeing passwd data
2021-11-22 07:32:32 -06:00
Iker Pedrosa
d594243fbb lib: check NULL before freeing passwd data
Add an additional NULL check condition in spw_free() and pw_free() to
avoid freeing an already empty pointer.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-19 12:09:59 +01:00
Serge Hallyn
02916e9cb2
Merge pull request #435 from freedge/groupdelcore
groupdel: fix SIGSEGV when passwd does not exist
2021-11-18 10:30:46 -06:00
Serge Hallyn
1fdaf69376
Merge pull request #436 from ikerexxe/getsubids
getsubids: system binary for user's sub*ids
2021-11-18 07:32:10 -06:00
Iker Pedrosa
2fa4234fc7 README: add myself to the contributors list
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-17 16:40:18 +01:00
Iker Pedrosa
3b6ccf642c getsubids: system binary for user's sub*ids
Rename list_subid_ranges to getsubids to provide a system binary to
check the sub*ids of a user. The intention is to provide this binary
with any distribution that includes the subid feature, so that system
administrators can check the subid ranges of a given user.

Finally, add a man page to explain the behaviour of getsubids.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1980780

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-17 16:35:50 +01:00
Serge Hallyn
126fbe57bc
Merge pull request #437 from ikerexxe/newgrp_segfault
newgrp: fix segmentation fault
2021-11-17 08:18:13 -06:00
Serge Hallyn
6c3d4ebf6e
Merge pull request #439 from ikerexxe/useradd_skel_fix
useradd: change SELinux labels for home files
2021-11-17 08:17:34 -06:00
Serge Hallyn
eb366c255c
Merge pull request #442 from rbalint/fix-no-passwd-help
Fix typo in passwd --help's Norvegian translation
2021-11-17 08:15:04 -06:00
Serge Hallyn
6c4545544f
Merge pull request #445 from ikerexxe/pwck_segfault
pwck: fix segfault when calling fprintf()
2021-11-17 08:14:22 -06:00
Iker Pedrosa
d8e54618fe pwck: fix segfault when calling fprintf()
As shadow_logfd variable is not set at the beginning of the program if
something fails and fprintf() is called a segmentation fault happens.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-15 12:45:08 +01:00
Balint Reczey
adf7378d73 Fix typo in passwd --help's Norvegian translation
Thanks to Tollef Fog Heen for the bug report at https://bugs.debian.org/949862
2021-11-14 12:52:37 +01:00
Tobias Stoeckmann
624d57c08c Improve child error handling
Always set SIGCHLD handler to default, even if the caller of vipw has
set SIGCHLD to ignore. If SIGCHLD is ignored no zombie processes would
be created, which in turn could mean that kill is called with an already
recycled pid.

Proof of Concept:

1. Compile nochld:
 --
 #include <signal.h>
 #include <unistd.h>
 int main(void) {
 char *argv[] = { "vipw", NULL };
 signal(SIGCHLD, SIG_IGN);
 execvp("vipw", argv);
 return 1;
 }
 --
2. Run nochld
3. Suspend child vi, which suspends vipw too:
`kill -STOP childpid`
4. Kill vi:
`kill -9 childpid`
5. You can see with ps that childpid is no zombie but disappeared
6. Bring vipw back into foreground
`fg`

The kill call sends SIGCONT to "childpid" which in turn could have been
already recycled for another process.

This is definitely not a vulnerability. It would take super user
operations, at which point an attacker would have already elevated
permissions.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2021-11-14 12:01:32 +01:00
Iker Pedrosa
06eb4e4d76 useradd: change SELinux labels for home files
Change SELinux labels for files copied from the skeleton directory to
the home directory.

This could cause gnome's graphical user adding to fail without copying
the full skeleton files.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2022658

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-12 15:27:16 +01:00
Iker Pedrosa
497e90751b newgrp: fix segmentation fault
Fix segmentation fault in newgrp when xgetspnam() returns a NULL value
that is immediately freed.

The error was committed in
e65cc6aebc

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019553

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-10 12:02:04 +01:00
François Rigault
a757b458ff groupdel: fix SIGSEGV when passwd does not exist
When using groupdel with a prefix, groupdel will attempt to read a
passwd file to look for any user in the group. When the file does not
exist it cores with segmentation fault.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1986111
2021-11-01 13:54:25 +01:00
Serge Hallyn
387da46d73
Merge pull request #423 from lrh2000/su-fix-sigkill
su: Fix never alarmed SIGKILL when session terminates
2021-10-31 12:36:03 -05:00
Serge Hallyn
b17a17c93d
Merge pull request #432 from galaxy4public/tcb-missing-chmod
Add missing chmod() for shadowtcb_move()
2021-10-30 11:02:12 -05:00
Serge Hallyn
1ff0b37134
Merge pull request #433 from stoeckmann/hushed
Handle malformed lines in hushlogins file.
2021-10-30 09:34:55 -05:00
Tobias Stoeckmann
63a96706b1 Handle malformed lines in hushlogins file.
If a line in hushlogins file, e.g. /etc/hushlogins, starts with
'\0', then current code performs an out of boundary write.
If the line lacks a newline at the end, then another character is
overridden.

With strcspn both cases are solved.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2021-10-29 19:50:38 +02:00
(GalaxyMaster)
a97399dd0a Add missing chmod()
During shadowtcb_move() the directory is temporarily changed to be
owned by root:root with permissions 0700.  After the change is done,
the ownership and permissions were supposed to be restored.  The
call for chown() was there, but the chmod() call was missing.  This
resulted in the broken TCB functionality.  The added chmod() fixes
the issue.
2021-10-28 11:16:59 +11:00
Serge Hallyn
f2476d3ce8
Merge pull request #430 from galaxy4public/libsubid-static
Fixes the linking issues when libsubid is static and linked to
2021-10-27 08:31:23 -05:00
(GalaxyMaster)
fc832e4648 Fixes the linking issues when libsubid is static and linked to
binaries that also define the Prog and shadow_logfd variables.
2021-10-27 20:14:42 +11:00
Serge Hallyn
7d02af944f
Merge pull request #422 from ikerexxe/home_selinux_user
Create the home and mail directories with SELinux user label
2021-10-26 20:08:21 -05:00
Serge Hallyn
82b5983301 Add Christian Brauner to SECURITY.md
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-10-25 14:26:37 -05:00
Iker Pedrosa
234af5cf67 semanage: close the selabel handle
Close the selabel handle to update the file_context. This means that the
file_context will be remmaped and used by selabel_lookup() to return
the appropriate context to label the home folder.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1993081

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-10-25 09:55:31 +02:00
Iker Pedrosa
09c752f00f useradd: create directories after the SELinux user
Create the home and mail folders after the SELinux user has been set for
the added user. This will allow the folders to be created with the
SELinux user label.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-10-25 09:55:27 +02:00
Ruihan Li
5b4082d007 su: Fix never alarmed SIGKILL when session terminates
The buggy code was introduced nearly 5 years ago at the
commit 08fd4b69e8. The
desired behavior is that SIGKILL will be sent to the
child if it does not exit within 2 seconds after it
receives SIGTERM. However, SIGALRM is masked while
waiting for the child so it cannot wake the program
up after 2 seconds to send SIGKILL.

An example shows the buggy behavior, which exists in
Ubuntu 18.04 LTS (with login 1:4.5-1ubuntu2).
```bash
user1@localhost:~$ su user2 -c '
_term() {
  echo SIGTERM received
}
trap _term TERM

while true; do
  sleep 1
  echo still alive
done'
Password:
still alive

Session terminated, terminating shell...Terminated
SIGTERM received
still alive
still alive
still alive
still alive
```
(SIGTERM is sent in another user1's terminal by
executing `killall su`.)

Here is the desired behavior, which shows what the
commit fixes.
```bash
user1@localhost:~$ su user2 -c '
_term() {
  echo SIGTERM received
}
trap _term TERM

while true; do
  sleep 1
  echo still alive
done'
Password:
still alive

Session terminated, terminating shell...Terminated
SIGTERM received
still alive
still alive
 ...killed.
user1@localhost:~$ echo $?
255
```
2021-10-25 13:39:41 +08:00
Serge Hallyn
cdc8c1e25b
Create SECURITY.md
Barebones to unblock current reporters.
2021-10-23 09:34:48 -05:00
Serge Hallyn
4bec156db1
Merge pull request #426 from hallyn/2021-10-15/man 2021-10-20 15:16:06 -05:00
Serge Hallyn
33f85e93a1 manpages: fix 'File Formats and Conversions"
Closes #416

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-10-15 16:28:12 -05:00
Serge Hallyn
6be18d45e1 initial github actions attempt
Closes #415
2021-10-15 16:21:19 -05:00
Andy Zaugg
7e2b522a15 Added a new configurable LOG_INIT to useradd
In some circumstances I want the default behaviour of useradd to
not add user entries to the lastlog and faillog databases. Allowing
this options behaviour to be controlled by the config file
/etc/default/useradd.
2021-10-15 16:20:52 -05:00
Andy Zaugg
d7e2bd6fe1 Added documentation around CREATE_MAIL_SPOOL
Adding documentation aroud the parameter CREATE_MAIL_SPOOL in the
/etc/default/useradd file
2021-10-15 16:20:52 -05:00
Serge Hallyn
4ad2697cc4
Merge pull request #412 from ljmf00/fix-trailing-whitespaces
treewide: remove trailing whitespaces
2021-09-27 10:12:24 -05:00
Serge Hallyn
5bb28a0a7f
Merge pull request #417 from jubalh/doublefree
Only free sgent if it was initialized
2021-09-27 10:10:22 -05:00