util-linux: backport fix for su(1).
Since trusting PAM_RUSER is left to administrators, make sure it can be trusted if necessary.
This commit is contained in:
Érico Nogueira
parent
7f104529ec
commit
56a567d507
|
|
@ -0,0 +1,47 @@
|
|||
From 3386b92e09e8a945cb071808e012e0b600f8bcb2 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?=C3=89rico=20Nogueira?= <erico.erc@gmail.com>
|
||||
Date: Tue, 27 Jul 2021 23:41:30 -0300
|
||||
Subject: [PATCH 1/4] lib/pwdutils: don't use getlogin(3).
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Per the man page, it shouldn't be used for security purposes. This is an
|
||||
issue especially on musl, where getlogin is implemented as
|
||||
getenv("LOGNAME"). Since xgetlogin is being used as user identity in su(1), to
|
||||
set PAM_RUSER, we simply switch to always using getpwuid(getuid()).
|
||||
|
||||
Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
|
||||
---
|
||||
lib/pwdutils.c | 8 +++-----
|
||||
1 file changed, 3 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/lib/pwdutils.c b/lib/pwdutils.c
|
||||
index d97020cb9..641a9da40 100644
|
||||
--- a/lib/pwdutils.c
|
||||
+++ b/lib/pwdutils.c
|
||||
@@ -104,11 +104,6 @@ char *xgetlogin(void)
|
||||
{
|
||||
struct passwd *pw = NULL;
|
||||
uid_t ruid;
|
||||
- char *user;
|
||||
-
|
||||
- user = getlogin();
|
||||
- if (user)
|
||||
- return xstrdup(user);
|
||||
|
||||
/* GNU Hurd implementation has an extension where a process can exist in a
|
||||
* non-conforming environment, and thus be outside the realms of POSIX
|
||||
@@ -117,6 +112,9 @@ char *xgetlogin(void)
|
||||
* environment.
|
||||
*
|
||||
* http://austingroupbugs.net/view.php?id=511
|
||||
+ *
|
||||
+ * The same implementation is useful for other systems, since getlogin(3)
|
||||
+ * shouldn't be used as actual identification.
|
||||
*/
|
||||
errno = 0;
|
||||
ruid = getuid();
|
||||
--
|
||||
2.32.0
|
||||
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
# Keep this package sync with util-linux-common
|
||||
pkgname=util-linux
|
||||
version=2.37.1
|
||||
revision=1
|
||||
revision=2
|
||||
build_style=gnu-configure
|
||||
configure_args="--exec-prefix=\${prefix} --enable-libuuid --disable-makeinstall-chown
|
||||
--enable-libblkid --enable-fsck --disable-rpath --enable-fs-paths-extra=/usr/sbin:/usr/bin
|
||||
|
|
|
|||
Loading…
Reference in New Issue