[Pkg-shadow-commits] r1375 - in upstream/trunk: . src

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Sat Nov 17 17:19:44 UTC 2007 

Author: nekral-guest
Date: 2007-11-17 17:19:44 +0000 (Sat, 17 Nov 2007)
New Revision: 1375

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/src/su.c
Log:
Avoid terminating the PAM library in the forked child.  This is done later
in the parent after closing the PAM session.
This fixes http://bugs.debian.org/412061.
Debian patch 405_su_no_pam_end_before_exec.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2007-11-17 17:03:01 UTC (rev 1374)
+++ upstream/trunk/ChangeLog	2007-11-17 17:19:44 UTC (rev 1375)
@@ -1,5 +1,12 @@
 2007-11-17  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* NEWS, src/su.c: Avoid terminating the PAM library in the forked
+	child.  This is done later in the parent after closing the PAM
+	session. This fixes http://bugs.debian.org/412061.
+	Debian patch 405_su_no_pam_end_before_exec.
+
+2007-11-17  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* man/newgrp.1.xml: Mention sg in the newgrp manpage.
 	Debian patch 410_newgrp_man_mention_sg.
 

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2007-11-17 17:03:01 UTC (rev 1374)
+++ upstream/trunk/NEWS	2007-11-17 17:19:44 UTC (rev 1375)
@@ -39,6 +39,8 @@
   addition* to editing the password field.  Debian patch 494_passwd_lock.
 - pwck: Remove the SHADOWPWD preprocessor check. Some check for /etc/shadow
   were always missing.
+- su: Avoid terminating the PAM library in the forked child. This is done
+  later in the parent after closing the PAM session.
 
 shadow-4.0.18.1 -> shadow-4.0.18.2					28-10-2007
 

Modified: upstream/trunk/src/su.c
===================================================================
--- upstream/trunk/src/su.c	2007-11-17 17:03:01 UTC (rev 1374)
+++ upstream/trunk/src/su.c	2007-11-17 17:19:44 UTC (rev 1375)
@@ -183,7 +183,12 @@
 
 	child = fork ();
 	if (child == 0) {	/* child shell */
-		pam_end (pamh, PAM_SUCCESS);
+		/*
+		 * PAM_DATA_SILENT is not supported by some modules, and
+		 * there is no strong need to clean up the process space's
+		 * memory since we will either call exec or exit.
+		pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
+		 */
 
 		if (doshell)
 			(void) shell (shellstr, (char *) args[0], envp);

More information about the Pkg-shadow-commits mailing list