[linux-pam] pam_rootok: use rootok permission instead of passwd permission in SELinux check.
by Tomáš Mráz
commit f655b4b3a73cea7fb5d9e905617712281dc3c803
Author: Tomas Mraz <tmraz(a)fedoraproject.org>
Date: Wed Aug 12 17:04:00 2015 +0200
pam_rootok: use rootok permission instead of passwd permission in SELinux check.
* modules/pam_rootok/pam_rootok.c (selinux_check_root): Use rootok instead of
passwd permission.
modules/pam_rootok/pam_rootok.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
index 70579e5..88bed0c 100644
--- a/modules/pam_rootok/pam_rootok.c
+++ b/modules/pam_rootok/pam_rootok.c
@@ -106,7 +106,7 @@ selinux_check_root (void)
return status;
}
- status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
+ status = selinux_check_access(user_context, user_context, "passwd", "rootok", NULL);
selinux_set_callback(SELINUX_CB_LOG, old_callback);
freecon(user_context);
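Review bot: the changed selinux_check_access() call now requires the rootok permission in the passwd class, but neither the commit message nor a comment at the call explains why the permission changed or what policy this expects. A domain that was allowed the passwd permission but not rootok will get a different result from this check after the change. A short comment above the call, plus a note in the commit message or the pam_rootok documentation naming the required permission, would make the resulting denials easier to diagnose.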
[linux-pam] pam_timestamp: Avoid leaking file descriptor.
by Tomáš Mráz
commit bb506282825923b89d61e96e76e2f67c67374284
Author: Amarnath Valluri <amarnath.valluri(a)intel.com>
Date: Wed Aug 5 15:16:51 2015 +0200
pam_timestamp: Avoid leaking file descriptor.
* modules/pam_timestamp/hmacsha1.c(hmac_key_create):
close 'keyfd' when failed to own it.
Signed-off-by: Amarnath Valluri <amarnath.valluri(a)intel.com>
modules/pam_timestamp/hmacsha1.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/modules/pam_timestamp/hmacsha1.c b/modules/pam_timestamp/hmacsha1.c
index 573ecf3..3f41106 100644
--- a/modules/pam_timestamp/hmacsha1.c
+++ b/modules/pam_timestamp/hmacsha1.c
@@ -73,6 +73,7 @@ hmac_key_create(pam_handle_t *pamh, const char *filename, size_t key_size,
if (fchown(keyfd, owner, group) == -1) {
pam_syslog(pamh, LOG_ERR, "Cannot chown %s: %m", filename);
+ close(keyfd);
return;
}
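Review bot: the fchown() failure branch now releases keyfd, but it still returns with the file named by filename left in whatever state it was in, without the intended owner and group. If the file was created earlier in hmac_key_create, consider removing it here as well, so that a key file with unexpected ownership is not left behind. Placing close(keyfd) after pam_syslog() is right, since the "%m" in the message needs errno from fchown() intact. It is also worth checking the other early returns in this function, which this hunk does not show, for the same descriptor leak.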