[Pkg-shadow-commits] r1072 - in branches/sarge: debian src
Nicolas FRANCOIS
nekral-guest at costa.debian.org
Sat Aug 5 01:57:23 UTC 2006
Author: nekral-guest
Date: 2006-08-05 01:57:17 +0000 (Sat, 05 Aug 2006)
New Revision: 1072
Modified:
branches/sarge/debian/changelog
branches/sarge/debian/control
branches/sarge/src/passwd.c
Log:
1:4.0.3-31sarge8 candidate for proposed-updates.
Modified: branches/sarge/debian/changelog
===================================================================
--- branches/sarge/debian/changelog 2006-08-05 00:49:14 UTC (rev 1071)
+++ branches/sarge/debian/changelog 2006-08-05 01:57:17 UTC (rev 1072)
@@ -1,3 +1,16 @@
+shadow (1:4.0.3-31sarge8) proposed-updates; urgency=low
+
+ * Add Nicolas FRANCOIS to the Uploaders.
+
+ * SECURITY UPDATE: CVE-2006-3378: Root privilege escalation.
+ * src/passwd.c:
+ - Check for failing setuid() (which can happen if user hits PAM
+ limits). Before, passwd continued to run as root and executed
+ chfn/chsh/gpasswd as root instead of as the user.
+ - Thanks to Sune Kloppenborg Jeppesen for pointing this out.
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sat, 5 Aug 2006 02:53:20 +0200
+
shadow (1:4.0.3-31sarge7) proposed-updates; urgency=high
* Bump version to circumvent a 4.0.3-31sarge6 version full of autotools
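Review bot: urgency=low on the new 1:4.0.3-31sarge8 entry sits oddly next to its own "SECURITY UPDATE ... Root privilege escalation" line, especially as the sarge7 entry just below, described as a version bump, uses urgency=high. Consider raising the urgency, or say in the entry why low is intended.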
Modified: branches/sarge/debian/control
===================================================================
--- branches/sarge/debian/control 2006-08-05 00:49:14 UTC (rev 1071)
+++ branches/sarge/debian/control 2006-08-05 01:57:17 UTC (rev 1072)
@@ -3,7 +3,7 @@
Priority: required
Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
Standards-Version: 3.6.1.1
-Uploaders: Christian Perrier <bubulle at debian.org>, Sam Hartman <hartmans at debian.org>
+Uploaders: Christian Perrier <bubulle at debian.org>, Sam Hartman <hartmans at debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>
Build-Depends: autoconf, automake1.7, libtool, bzip2, gettext, libpam0g-dev [!hurd-i386], texinfo, file, debhelper (>= 4.1.16), po-debconf, libpam-runtime (>= 0.76-14)
Package: passwd
Modified: branches/sarge/src/passwd.c
===================================================================
--- branches/sarge/src/passwd.c 2006-08-05 00:49:14 UTC (rev 1071)
+++ branches/sarge/src/passwd.c 2006-08-05 01:57:17 UTC (rev 1072)
@@ -30,7 +30,7 @@
#include <config.h>
#include "rcsid.h"
-RCSID (PKG_VER "$Id$")
+RCSID (PKG_VER "$Id: passwd.c 6 2005-03-20 15:34:28Z bubulle $")
#include "prototypes.h"
#include "defines.h"
#include <sys/types.h>
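Review bot: the RCSID line now hard-codes an already-expanded keyword string ("passwd.c 6 2005-03-20 15:34:28Z bubulle") that predates this revision, and the svn:keywords property is removed at the end of the same commit, so the embedded ident will be stale from here on. This is unrelated to the setuid() fix; keep the $Id$ placeholder, or move the keyword change into its own commit so the security update carries only the fix.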
@@ -958,7 +958,13 @@
if (argc > 1 && argv[1][0] == '-' && strchr ("gfs", argv[1][1])) {
char buf[200];
- setuid (getuid ());
+ uid_t uid = getuid();
+ setuid (uid);
+ if (getuid() != uid) {
+ perror("cannot set user id");
+ SYSLOG ((LOG_ERR, "setuid to %i failed", uid));
+ exit(E_FAILURE);
+ }
switch (argv[1][1]) {
case 'g':
argv[1] = GPASSWD_PROGRAM; /* XXX warning: const */
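Review bot: the added test "if (getuid() != uid)" cannot detect a failed setuid(). uid was just read from getuid(), and a failing setuid() changes nothing, so the real UID still equals uid and the error branch is never taken while the effective UID remains root. The return value of setuid() is still discarded. Test the call itself, for example "if (setuid (uid) != 0)", and if a second check is wanted compare geteuid() against uid before dispatching to the gpasswd/chfn/chsh programs. Minor: uid is a uid_t passed to "%i" in the SYSLOG call; cast it to a type that matches the format.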
Property changes on: branches/sarge/src/passwd.c
___________________________________________________________________
Name: svn:keywords
- Author Date Id Revision