util-linux: backport fix for su(1).
Since it is left to administrators whether to trust PAM_RUSER, make sure it can be trusted if necessary.
parent
7f104529ec
commit
56a567d507
2 changed files with 48 additions and 1 deletions
|
@ -0,0 +1,47 @@
|
||||||
|
From 3386b92e09e8a945cb071808e012e0b600f8bcb2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?=C3=89rico=20Nogueira?= <erico.erc@gmail.com>
|
||||||
|
Date: Tue, 27 Jul 2021 23:41:30 -0300
|
||||||
|
Subject: [PATCH 1/4] lib/pwdutils: don't use getlogin(3).
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Per the man page, it shouldn't be used for security purposes. This is an
|
||||||
|
issue especially on musl, where getlogin is implemented as
|
||||||
|
getenv("LOGNAME"). Since xgetlogin is being used as user identity in su(1), to
|
||||||
|
set PAM_RUSER, we simply switch to always using getpwuid(getuid()).
|
||||||
|
|
||||||
|
Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
|
||||||
|
---
|
||||||
|
lib/pwdutils.c | 8 +++-----
|
||||||
|
1 file changed, 3 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/pwdutils.c b/lib/pwdutils.c
|
||||||
|
index d97020cb9..641a9da40 100644
|
||||||
|
--- a/lib/pwdutils.c
|
||||||
|
+++ b/lib/pwdutils.c
|
||||||
|
@@ -104,11 +104,6 @@ char *xgetlogin(void)
|
||||||
|
{
|
||||||
|
struct passwd *pw = NULL;
|
||||||
|
uid_t ruid;
|
||||||
|
- char *user;
|
||||||
|
-
|
||||||
|
- user = getlogin();
|
||||||
|
- if (user)
|
||||||
|
- return xstrdup(user);
|
||||||
|
|
||||||
|
/* GNU Hurd implementation has an extension where a process can exist in a
|
||||||
|
* non-conforming environment, and thus be outside the realms of POSIX
|
||||||
|
@@ -117,6 +112,9 @@ char *xgetlogin(void)
|
||||||
|
* environment.
|
||||||
|
*
|
||||||
|
* http://austingroupbugs.net/view.php?id=511
|
||||||
|
+ *
|
||||||
|
+ * The same implementation is useful for other systems, since getlogin(3)
|
||||||
|
+ * shouldn't be used as actual identification.
|
||||||
|
*/
|
||||||
|
errno = 0;
|
||||||
|
ruid = getuid();
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# Keep this package sync with util-linux-common
|
# Keep this package sync with util-linux-common
|
||||||
pkgname=util-linux
|
pkgname=util-linux
|
||||||
version=2.37.1
|
version=2.37.1
|
||||||
revision=1
|
revision=2
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
configure_args="--exec-prefix=\${prefix} --enable-libuuid --disable-makeinstall-chown
|
configure_args="--exec-prefix=\${prefix} --enable-libuuid --disable-makeinstall-chown
|
||||||
--enable-libblkid --enable-fsck --disable-rpath --enable-fs-paths-extra=/usr/sbin:/usr/bin
|
--enable-libblkid --enable-fsck --disable-rpath --enable-fs-paths-extra=/usr/sbin:/usr/bin
|
||||||
|
|