[Pkg-shadow-commits] r1382 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sat Nov 17 20:28:33 UTC 2007
Author: nekral-guest
Date: 2007-11-17 20:28:32 +0000 (Sat, 17 Nov 2007)
New Revision: 1382
Modified:
upstream/trunk/ChangeLog
upstream/trunk/src/chage.c
Log:
Last parts of the Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:
* src/chage.c: Make chage -l also drop the saved GID.
* src/chage.c: Prefer setregid/setreuid to setgid/setuid.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2007-11-17 20:09:54 UTC (rev 1381)
+++ upstream/trunk/ChangeLog 2007-11-17 20:28:32 UTC (rev 1382)
@@ -1,9 +1,12 @@
2007-11-17 Nicolas François <nicolas.francois at centraliens.net>
+ Fixes from Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:
* src/chage.c: Remove cleanup(). pw_lock is never called. Replace
cleanup(2) by spw_unlock and remove the calls to cleanup(1).
* src/chage.c: Remove variable pwrw. It is always set to 0. The
password database is always read only.
+ * src/chage.c: Make chage -l also drop the saved GID.
+ * src/chage.c: Prefer setregid/setreuid to setgid/setuid.
2007-11-17 Nicolas François <nicolas.francois at centraliens.net>
Modified: upstream/trunk/src/chage.c
===================================================================
--- upstream/trunk/src/chage.c 2007-11-17 20:09:54 UTC (rev 1381)
+++ upstream/trunk/src/chage.c 2007-11-17 20:28:32 UTC (rev 1382)
@@ -322,6 +322,7 @@
const struct spwd *sp;
struct spwd spwd;
uid_t ruid;
+ gid_t rgid;
int amroot;
const struct passwd *pw;
struct passwd pwent;
@@ -342,6 +343,7 @@
textdomain (PACKAGE);
ruid = getuid ();
+ rgid = getgid ();
amroot = (ruid == 0);
#ifdef WITH_SELINUX
if (amroot && is_selinux_enabled () > 0)
@@ -547,7 +549,7 @@
exit (E_NOPERM);
}
- if (lflg && (setgid (getgid ()) || setuid (ruid))) {
+ if (lflg && (setregid (rgid, rgid) || setreuid (ruid, ruid))) {
fprintf (stderr, _("%s: failed to drop privileges (%s)\n"),
Prog, strerror (errno));
#ifdef WITH_AUDIT
More information about the Pkg-shadow-commits
mailing list