[Pkg-shadow-commits] r184 - trunk/debian/patches

Nicolas FRANCOIS pkg-shadow-devel@lists.alioth.debian.org
Mon, 30 May 2005 22:00:52 +0000 

Author: nekral-guest
Date: 2005-05-30 22:00:52 +0000 (Mon, 30 May 2005)
New Revision: 184

Added:
   trunk/debian/patches/008_su_ignore_SIGINT
   trunk/debian/patches/008_su_uid_0_not_root
Modified:
   trunk/debian/patches/008_src.dpatch
   trunk/debian/patches/series
Log:
Separate 2 more patches for src/su.c from 008_src.dpatch:
  008_su_uid_0_not_root
  008_su_ignore_SIGINT


Modified: trunk/debian/patches/008_src.dpatch
===================================================================
--- trunk/debian/patches/008_src.dpatch	2005-05-29 23:34:38 UTC (rev 183)
+++ trunk/debian/patches/008_src.dpatch	2005-05-30 22:00:52 UTC (rev 184)
@@ -26,8 +26,8 @@
 
 Index: shadow-4.0.3/src/su.c
 ===================================================================
---- shadow-4.0.3.orig/src/su.c	2005-05-30 01:18:47.957531000 +0200
-+++ shadow-4.0.3/src/su.c	2005-05-30 01:18:48.007531000 +0200
+--- shadow-4.0.3.orig/src/su.c	2005-05-30 23:13:57.716974000 +0200
++++ shadow-4.0.3/src/su.c	2005-05-30 23:17:27.126974000 +0200
 @@ -49,6 +49,7 @@
  #include <grp.h>
  #include <signal.h>
@@ -221,8 +221,8 @@
 -		argc--;
 -		argv++;		/* shift ... */
 +		++optind;
-+	}
-+
+ 	}
+ 
 +	if (optind < argc)
 +		strncpy(name, argv[optind++], sizeof(name) - 1);
 +	else {
@@ -232,15 +232,15 @@
 +		  su_failure(tty);
 +		}
 +                strcpy(name, root_pw->pw_name);
- 	}
- 
++	}
++
 +	if (optind < argc)
 +		additional_args = argv + optind;
 +
  	/*
  	 * If a new login is being set up, the old environment will be
  	 * ignored and a new one created later on.
-@@ -258,23 +404,6 @@
+@@ -258,30 +404,6 @@
  	}
  
  	/*
@@ -256,7 +256,14 @@
 -		argv++;		/* shift ... */
 -	}
 -	if (!name[0])		/* use default user ID */
--		(void) strcpy (name, "root");
+-	{
+-		struct passwd *root_pw = getpwuid(0);
+-		if (root_pw == NULL) {
+-			SYSLOG((LOG_CRIT, "There is no UID 0 user."));
+-			su_failure(tty)
+-		}
+-		strcpy(name, root_pw->pw_name);
+-	}
 -
 -	doshell = argc == 0;	/* any arguments remaining? */
 -
@@ -264,7 +271,7 @@
  	 * Get the user's real name. The current UID is used to determine
  	 * who has executed su. That user ID must exist.
  	 */
-@@ -399,9 +528,17 @@
+@@ -406,8 +528,15 @@
  	 * Set the default shell.
  	 */
  
@@ -278,13 +285,11 @@
 +	if (shell != 0 && getuid () && restricted_shell (pwent.pw_shell))
 +		shell = 0;
 +	if (shell == 0)
-+	shell = (char *) strdup (pwent.pw_shell);
++		shell = (char *) strdup (pwent.pw_shell);
  
-+	signal(SIGINT, SIG_IGN);
  #ifdef USE_PAM
  	ret = pam_authenticate (pamh, 0);
- 	if (ret != PAM_SUCCESS) {
-@@ -507,10 +644,14 @@
+@@ -514,10 +643,14 @@
  	}
  #endif
  
@@ -303,7 +308,7 @@
  
  	if (pwent.pw_shell[0] == '*') {	/* subsystem root required */
  		pwent.pw_shell++;	/* skip the '*' */
-@@ -573,13 +714,13 @@
+@@ -580,13 +713,13 @@
  		exit (1);
  #endif				/* !USE_PAM */
  
@@ -323,7 +328,7 @@
  	}
  #endif
  
-@@ -592,46 +733,6 @@
+@@ -599,46 +732,6 @@
  	 */
  	closelog ();
  

Added: trunk/debian/patches/008_su_ignore_SIGINT
===================================================================
--- trunk/debian/patches/008_su_ignore_SIGINT	2005-05-29 23:34:38 UTC (rev 183)
+++ trunk/debian/patches/008_su_ignore_SIGINT	2005-05-30 22:00:52 UTC (rev 184)
@@ -0,0 +1,21 @@
+Goal: Ignore SIGINT while authenticating. A ^C could defeat the waiting
+      period and permit brute-force attacks.
+Fixes: 52372
+
+Status wrt upstream: It should be forwarded to upstream.
+
+Note: Even with a waiting period, a brute-force attack can be performed
+      by parralelizing attacks.  The gain in security is minor.
+
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c	2005-05-30 22:57:55.776974000 +0200
++++ shadow-4.0.3/src/su.c	2005-05-30 22:58:36.326974000 +0200
+@@ -538,6 +538,7 @@
+ 	if (shell == 0)
+ 		shell = (char *) strdup (pwent.pw_shell);
+ 
++	signal(SIGINT, SIG_IGN);
+ #ifdef USE_PAM
+ 	ret = pam_authenticate (pamh, 0);
+ 	if (ret != PAM_SUCCESS) {

Added: trunk/debian/patches/008_su_uid_0_not_root
===================================================================
--- trunk/debian/patches/008_su_uid_0_not_root	2005-05-29 23:34:38 UTC (rev 183)
+++ trunk/debian/patches/008_su_uid_0_not_root	2005-05-30 22:00:52 UTC (rev 184)
@@ -0,0 +1,25 @@
+Goal: don't assume uid 0 == "root", use getpwuid to fetch it
+Fixes: #81924
+
+Status wrt upstream: It should be forwarded to upstream.
+
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c	2005-05-30 23:07:20.196974000 +0200
++++ shadow-4.0.3/src/su.c	2005-05-30 23:13:57.716974000 +0200
+@@ -270,7 +270,14 @@
+ 		argv++;		/* shift ... */
+ 	}
+ 	if (!name[0])		/* use default user ID */
+-		(void) strcpy (name, "root");
++	{
++		struct passwd *root_pw = getpwuid(0);
++		if (root_pw == NULL) {
++			SYSLOG((LOG_CRIT, "There is no UID 0 user."));
++			su_failure(tty)
++		}
++		strcpy(name, root_pw->pw_name);
++	}
+ 
+ 	doshell = argc == 0;	/* any arguments remaining? */
+ 

Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series	2005-05-29 23:34:38 UTC (rev 183)
+++ trunk/debian/patches/series	2005-05-30 22:00:52 UTC (rev 184)
@@ -5,7 +5,9 @@
 005_manpages.dpatch
 006_libmisc.dpatch
 008_su_addenv_HOME_and_SHELL
+008_su_uid_0_not_root
 008_src.dpatch
+008_su_ignore_SIGINT
 008_su_check_user_earlier
 008_su_no_sanitize_env
 008_su_get_PAM_username