author | Jan Rekorajski <baggins@sith.mimuw.edu.pl> | 2000-12-04 18:31:56 +0000 |
---|---|---|
committer | Jan Rekorajski <baggins@sith.mimuw.edu.pl> | 2000-12-04 18:31:56 +0000 |
commit | 823d30ab735392f8da3b19513f1d550fadfa3ef8 (patch) | |
tree | 662a02a6db40883c56d952fd796f06d0ca2e1469 /libpam | |
parent | e2f3fab72e13c7d1f3dd6ee803646a44bda8a6af (diff) | |
Relevant BUGIDs: 124385
Purpose of commit: security
Commit summary:
---------------
* use O_NOFOLLOW if available when opening debug log
Diffstat (limited to 'libpam')
-rw-r--r-- | libpam/include/security/_pam_macros.h | 49 | ||||
-rw-r--r-- | libpam/pam_malloc.c | 39 |
2 files changed, 64 insertions, 24 deletions
diff --git a/libpam/include/security/_pam_macros.h b/libpam/include/security/_pam_macros.h
index 7c3dde1d..2827fabf 100644
--- a/libpam/include/security/_pam_macros.h
+++ b/libpam/include/security/_pam_macros.h
@@ -64,6 +64,9 @@ do { \
 #include <sys/types.h>
 #include <stdarg.h>
 #include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
 /*
 * This is for debugging purposes ONLY. DO NOT use on live systems !!!
@@ -81,37 +84,55 @@ static void _pam_output_debug_info(const char *file, const char *fn
 , const int line)
 {
 FILE *logfile;
- int must_close = 1;
-
- if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
+ int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
 logfile = stderr;
- must_close = 0;
+ must_close = 0;
 }
 fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
- if (must_close) {
- fflush(logfile);
+ fflush(logfile);
+ if (must_close)
 fclose(logfile);
- }
 }
 static void _pam_output_debug(const char *format, ...)
 {
 va_list args;
 FILE *logfile;
- int must_close = 1;
+ int must_close = 1, fd;
 va_start(args, format);
- if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
- logfile = stderr;
- must_close = 0;
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
 }
 vfprintf(logfile, format, args);
 fprintf(logfile, "\n");
- if (must_close) {
- fflush(logfile);
+ fflush(logfile);
+ if (must_close)
 fclose(logfile);
- }
 va_end(args);
 }
diff --git a/libpam/pam_malloc.c b/libpam/pam_malloc.c
index 44d583e7..6b888747 100644
--- a/libpam/pam_malloc.c
+++ b/libpam/pam_malloc.c
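Review bot: The descriptor returned by `open()` in `_pam_output_debug_info` is handed to `fdopen()` without an `fstat()` check, and O_NOFOLLOW by itself only refuses a symbolic link in the last path component. A hard link or a non-regular file is still opened, and where O_NOFOLLOW is undefined the `#else` branch has no protection at all, so if `_PAM_LOGFILE` can live in a directory other users can write to (its value is not shown here) the fix is partial. Checking `S_ISREG` and `st_nlink == 1` on the open descriptor, as sketched below, covers both builds; `<sys/stat.h>` is already added by the first hunk, and an owner test can be added if the expected owner is known. The same sequence is repeated in `_pam_output_debug` and in `_pam_output_xdebug_info` (libpam/pam_malloc.c), which need the identical change.

```c
    int must_close = 1, fd;
    int flags = O_WRONLY|O_APPEND;
    struct stat st;

#ifdef O_NOFOLLOW
    flags |= O_NOFOLLOW;
#endif
    fd = open(_PAM_LOGFILE, flags);
    /* only append to a plain file that has exactly one name */
    if (fd != -1 && (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode)
                     || st.st_nlink != 1)) {
        close(fd);
        fd = -1;
    }
    if (fd != -1 && !(logfile = fdopen(fd,"a"))) {
        close(fd);
        fd = -1;
    }
    if (fd == -1) {
        logfile = stderr;
        must_close = 0;
    }
    /* … unchanged: fprintf of the [file:fn(line)] prefix, fflush, conditional fclose … */
```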
@@ -2,8 +2,18 @@
 * $Id$
 *
 * $Log$
- * Revision 1.1 2000/06/20 22:11:18 agmorgan
- * Initial revision
+ * Revision 1.2 2000/12/04 18:31:56 baggins
+ *
+ * Relevant BUGIDs: 124385
+ *
+ * Purpose of commit: security
+ *
+ * Commit summary:
+ * ---------------
+ * * use O_NOFOLLOW if available when opening debug log
+ *
+ * Revision 1.1.1.1 2000/06/20 22:11:18 agmorgan
+ * Imported 0.72 Linux-PAM sources
 *
 * Revision 1.2 1998/12/27 04:34:23 morgan
 * reverting logging functions within libpam. Gone are the externally
@@ -90,18 +100,27 @@ static void set_last_(const char *x, const char *f
 static void _pam_output_xdebug_info(void)
 {
 FILE *logfile;
- int must_close = 1;
-
- if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
- logfile = stderr;
- must_close = 0;
+ int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
 }
 fprintf(logfile, "[%s:%s(%d)->%s()] ", last_file, last_call, last_line, last_fn);
- if (must_close) {
- fflush(logfile);
+ fflush(logfile);
+ if (must_close)
 fclose(logfile);
- }
 }
 static void hinder(void) |
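Review bot: `_pam_output_xdebug_info` is a third hand-copied instance of the open/fdopen/stderr-fallback sequence that this commit also adds twice in `_pam_macros.h`; one static helper that returns the `FILE *` and the close flag would keep later changes to the log-opening policy in a single place. The hunk starts calling `open()` and `close()` but adds no `<fcntl.h>` or `<unistd.h>` include to pam_malloc.c, so they presumably arrive through `_pam_macros.h`; that is worth confirming, since the includes there may sit behind a debug guard not visible in this diff. Replacing `fopen(...,"a")` with an `open()` that has no O_CREAT also means the log is no longer created when it is missing; if that is intended, a comment such as `/* no O_CREAT: an absent log file sends debug output to stderr */` above the `open()` would record it.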