diff options
| author | Steve Langasek <vorlon@debian.org> | 2011-10-30 06:55:21 -0700 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 22:11:47 -0800 |
| commit | c496f9d5d5981ddb151f1060bb564c5fb710370e (patch) | |
| tree | ba5aadad1d3291f652316d15be70239ebd001908 | |
| parent | 335d173fc55b201513a1c27497f049048cc93083 (diff) | |
| download | pam-c496f9d5d5981ddb151f1060bb564c5fb710370e.tar.gz pam-c496f9d5d5981ddb151f1060bb564c5fb710370e.tar.bz2 pam-c496f9d5d5981ddb151f1060bb564c5fb710370e.zip | |
debian/patches-applied/hurd_no_setfsuid: we don't want to check all
setre*id() calls; we know that there are situations where some of these
may fail but we don't care. As long as the last setre*id() call in each
set succeeds, that's the state we mean to be in.
| -rw-r--r-- | debian/changelog | 9 | ||||
| -rw-r--r-- | debian/patches-applied/hurd_no_setfsuid | 26 |
2 files changed, 19 insertions, 16 deletions
diff --git a/debian/changelog b/debian/changelog index 3e4f3eb5..75144a8c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +pam (1.1.3-6) UNRELEASED; urgency=low + + * debian/patches-applied/hurd_no_setfsuid: we don't want to check all + setre*id() calls; we know that there are situations where some of these + may fail but we don't care. As long as the last setre*id() call in each + set succeeds, that's the state we mean to be in. + + -- Steve Langasek <vorlon@debian.org> Sun, 30 Oct 2011 06:53:29 -0700 + pam (1.1.3-5) unstable; urgency=low [ Kees Cook ] diff --git a/debian/patches-applied/hurd_no_setfsuid b/debian/patches-applied/hurd_no_setfsuid index 8a27b296..a2bf783c 100644 --- a/debian/patches-applied/hurd_no_setfsuid +++ b/debian/patches-applied/hurd_no_setfsuid @@ -5,10 +5,10 @@ Authors: Steve Langasek <vorlon@debian.org> Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv are implemented -Index: pam-debian/libpam/pam_modutil_priv.c +Index: pam.debian/libpam/pam_modutil_priv.c =================================================================== ---- pam-debian.orig/libpam/pam_modutil_priv.c 2011-10-10 16:21:57.858599186 -0700 -+++ pam-debian/libpam/pam_modutil_priv.c 2011-10-10 17:31:02.805686298 -0700 +--- pam.debian.orig/libpam/pam_modutil_priv.c ++++ pam.debian/libpam/pam_modutil_priv.c @@ -14,7 +14,9 @@ #include <syslog.h> #include <pwd.h> @@ -19,7 +19,7 @@ Index: pam-debian/libpam/pam_modutil_priv.c /* * Two setfsuid() calls in a row are necessary to check -@@ -22,17 +24,61 @@ +@@ -22,17 +24,55 @@ */ static int change_uid(uid_t uid, uid_t *save) { @@ -37,13 +37,10 @@ Index: pam-debian/libpam/pam_modutil_priv.c + if (setreuid(euid, uid)) + return -1; + else { -+ if (setreuid(0, -1)) -+ return -1; ++ setreuid(0, -1); + if (setreuid(-1, uid)) { -+ if (setreuid(-1, 0)) -+ return -1; -+ if (setreuid(0, -1)) -+ return -1; ++ setreuid(-1, 0); ++ setreuid(0, -1); + if (setreuid(-1, uid)) + return -1; + } @@ -66,13 +63,10 @@ Index: pam-debian/libpam/pam_modutil_priv.c + if (setregid(egid, gid)) + return -1; + else { -+ if (setregid(0, -1)) -+ return -1; ++ setregid(0, -1); + if (setregid(-1, gid)) { -+ if (setregid(-1, 0)) -+ return -1; -+ if (setregid(0, -1)) -+ return -1; ++ setregid(-1, 0); ++ setregid(0, -1); + if (setregid(-1, gid)) + return -1; + } |