Attachment 255455 Details for Bug 346813 – sys-apps/shadow-4.1.4.2-r6 patch to drop privileges in a more appropiate place

[patch] sys-apps/shadow-4.1.4.2-r6 patch to drop privileges in a more appropiate place

shadow-4.1.4.2-drop_privileges_after_fork.patch (text/plain), 1.07 KB, created by Cesar Garcia on 2010-11-26 03:07:47 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Cesar Garcia

Created: 2010-11-26 03:07:47 UTC

Size: 1.07 KB

patch

obsolete

>--- src/su.c.orig	2010-11-25 21:08:03.594408976 -0430
>+++ src/su.c	2010-11-25 21:11:49.904408989 -0430
>@@ -231,6 +231,13 @@
> 
> 	child = fork ();
> 	if (child == 0) {	/* child shell */
>+		/* become the new user */
>+		if (change_uid (&pwent) != 0) {
>+			pam_close_session (pamh, 0);
>+			pam_setcred (pamh, PAM_DELETE_CRED);
>+			(void) pam_end (pamh, PAM_ABORT);
>+			exit (1);
>+		}
> 		/*
> 		 * PAM_DATA_SILENT is not supported by some modules, and
> 		 * there is no strong need to clean up the process space's
>@@ -297,6 +304,8 @@
> 		kill (child, SIGTERM);
> 	}
> 
>+	/* Not checking retval on this because we need to call close session */
>+	pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
> 	ret = pam_close_session (pamh, 0);
> 	if (PAM_SUCCESS != ret) {
> 		SYSLOG ((LOG_ERR, "pam_close_session: %s",
>@@ -910,13 +919,6 @@
> 		}
> 	}
> 
>-	/* become the new user */
>-	if (change_uid (&pwent) != 0) {
>-		pam_close_session (pamh, 0);
>-		pam_setcred (pamh, PAM_DELETE_CRED);
>-		(void) pam_end (pamh, PAM_ABORT);
>-		exit (1);
>-	}
> #else				/* !USE_PAM */
> 	environ = newenvp;	/* make new environment active */
>

Actions: View | Diff

Attachments on bug 346813: 255455