[Pkg-shadow-commits] r184 - trunk/debian/patches
Nicolas FRANCOIS
pkg-shadow-devel@lists.alioth.debian.org
Mon, 30 May 2005 22:00:52 +0000
Author: nekral-guest
Date: 2005-05-30 22:00:52 +0000 (Mon, 30 May 2005)
New Revision: 184
Added:
trunk/debian/patches/008_su_ignore_SIGINT
trunk/debian/patches/008_su_uid_0_not_root
Modified:
trunk/debian/patches/008_src.dpatch
trunk/debian/patches/series
Log:
Separate 2 more patches for src/su.c from 008_src.dpatch:
008_su_uid_0_not_root
008_su_ignore_SIGINT
Modified: trunk/debian/patches/008_src.dpatch
===================================================================
--- trunk/debian/patches/008_src.dpatch 2005-05-29 23:34:38 UTC (rev 183)
+++ trunk/debian/patches/008_src.dpatch 2005-05-30 22:00:52 UTC (rev 184)
@@ -26,8 +26,8 @@
Index: shadow-4.0.3/src/su.c
===================================================================
---- shadow-4.0.3.orig/src/su.c 2005-05-30 01:18:47.957531000 +0200
-+++ shadow-4.0.3/src/su.c 2005-05-30 01:18:48.007531000 +0200
+--- shadow-4.0.3.orig/src/su.c 2005-05-30 23:13:57.716974000 +0200
++++ shadow-4.0.3/src/su.c 2005-05-30 23:17:27.126974000 +0200
@@ -49,6 +49,7 @@
#include <grp.h>
#include <signal.h>
@@ -221,8 +221,8 @@
- argc--;
- argv++; /* shift ... */
+ ++optind;
-+ }
-+
+ }
+
+ if (optind < argc)
+ strncpy(name, argv[optind++], sizeof(name) - 1);
+ else {
@@ -232,15 +232,15 @@
+ su_failure(tty);
+ }
+ strcpy(name, root_pw->pw_name);
- }
-
++ }
++
+ if (optind < argc)
+ additional_args = argv + optind;
+
/*
* If a new login is being set up, the old environment will be
* ignored and a new one created later on.
-@@ -258,23 +404,6 @@
+@@ -258,30 +404,6 @@
}
/*
@@ -256,7 +256,14 @@
- argv++; /* shift ... */
- }
- if (!name[0]) /* use default user ID */
-- (void) strcpy (name, "root");
+- {
+- struct passwd *root_pw = getpwuid(0);
+- if (root_pw == NULL) {
+- SYSLOG((LOG_CRIT, "There is no UID 0 user."));
+- su_failure(tty)
+- }
+- strcpy(name, root_pw->pw_name);
+- }
-
- doshell = argc == 0; /* any arguments remaining? */
-
@@ -264,7 +271,7 @@
* Get the user's real name. The current UID is used to determine
* who has executed su. That user ID must exist.
*/
-@@ -399,9 +528,17 @@
+@@ -406,8 +528,15 @@
* Set the default shell.
*/
@@ -278,13 +285,11 @@
+ if (shell != 0 && getuid () && restricted_shell (pwent.pw_shell))
+ shell = 0;
+ if (shell == 0)
-+ shell = (char *) strdup (pwent.pw_shell);
++ shell = (char *) strdup (pwent.pw_shell);
-+ signal(SIGINT, SIG_IGN);
#ifdef USE_PAM
ret = pam_authenticate (pamh, 0);
- if (ret != PAM_SUCCESS) {
-@@ -507,10 +644,14 @@
+@@ -514,10 +643,14 @@
}
#endif
@@ -303,7 +308,7 @@
if (pwent.pw_shell[0] == '*') { /* subsystem root required */
pwent.pw_shell++; /* skip the '*' */
-@@ -573,13 +714,13 @@
+@@ -580,13 +713,13 @@
exit (1);
#endif /* !USE_PAM */
@@ -323,7 +328,7 @@
}
#endif
-@@ -592,46 +733,6 @@
+@@ -599,46 +732,6 @@
*/
closelog ();
Added: trunk/debian/patches/008_su_ignore_SIGINT
===================================================================
--- trunk/debian/patches/008_su_ignore_SIGINT 2005-05-29 23:34:38 UTC (rev 183)
+++ trunk/debian/patches/008_su_ignore_SIGINT 2005-05-30 22:00:52 UTC (rev 184)
@@ -0,0 +1,21 @@
+Goal: Ignore SIGINT while authenticating. A ^C could defeat the waiting
+ period and permit brute-force attacks.
+Fixes: 52372
+
+Status wrt upstream: It should be forwarded to upstream.
+
+Note: Even with a waiting period, a brute-force attack can be performed
+ by parralelizing attacks. The gain in security is minor.
+
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c 2005-05-30 22:57:55.776974000 +0200
++++ shadow-4.0.3/src/su.c 2005-05-30 22:58:36.326974000 +0200
+@@ -538,6 +538,7 @@
+ if (shell == 0)
+ shell = (char *) strdup (pwent.pw_shell);
+
++ signal(SIGINT, SIG_IGN);
+ #ifdef USE_PAM
+ ret = pam_authenticate (pamh, 0);
+ if (ret != PAM_SUCCESS) {
Added: trunk/debian/patches/008_su_uid_0_not_root
===================================================================
--- trunk/debian/patches/008_su_uid_0_not_root 2005-05-29 23:34:38 UTC (rev 183)
+++ trunk/debian/patches/008_su_uid_0_not_root 2005-05-30 22:00:52 UTC (rev 184)
@@ -0,0 +1,25 @@
+Goal: don't assume uid 0 == "root", use getpwuid to fetch it
+Fixes: #81924
+
+Status wrt upstream: It should be forwarded to upstream.
+
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c 2005-05-30 23:07:20.196974000 +0200
++++ shadow-4.0.3/src/su.c 2005-05-30 23:13:57.716974000 +0200
+@@ -270,7 +270,14 @@
+ argv++; /* shift ... */
+ }
+ if (!name[0]) /* use default user ID */
+- (void) strcpy (name, "root");
++ {
++ struct passwd *root_pw = getpwuid(0);
++ if (root_pw == NULL) {
++ SYSLOG((LOG_CRIT, "There is no UID 0 user."));
++ su_failure(tty)
++ }
++ strcpy(name, root_pw->pw_name);
++ }
+
+ doshell = argc == 0; /* any arguments remaining? */
+
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2005-05-29 23:34:38 UTC (rev 183)
+++ trunk/debian/patches/series 2005-05-30 22:00:52 UTC (rev 184)
@@ -5,7 +5,9 @@
005_manpages.dpatch
006_libmisc.dpatch
008_su_addenv_HOME_and_SHELL
+008_su_uid_0_not_root
008_src.dpatch
+008_su_ignore_SIGINT
008_su_check_user_earlier
008_su_no_sanitize_env
008_su_get_PAM_username