On Fri, Sep 13, Tomas Mraz wrote:
On Wed, 2013-09-11 at 17:05 +0200, Thorsten Kukuk wrote:
> On Wed, Sep 11, Tomas Mraz wrote:
>
>
> > Done, please go ahead with the release.
>
> Done.
> www.linux-pam.org is updated, fedorahosted will follow later,
> I have to leave now.

Unfortunately pam_unix does not build due to missing parentheses in
pam_unix_passwd.c

Yes, I saw it already, I missed testing with SELinux enabled, because
that was not installed on my development system :(

I have two more "fixes" for glibc warnings about using setuid
without checking return value.

Ok to commit?

--- modules/pam_unix/pam_unix_acct.c
+++ modules/pam_unix/pam_unix_acct.c 2013/09/12 07:19:05
@@ -121,7 +121,12 @@
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+ printf("-1\n");
+ fflush(stdout);
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
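Review bot: The printf("-1\n") / fflush(stdout) pair in the new failure branch has no comment saying who reads that value; the hunk does not show where stdout points at this stage, and the matching branch in support.c exits without writing anything. Add a one-line comment naming the consumer of the "-1" (or drop the write if the exit status alone is enough), and consider making the log text say that the failure happened before the helper exec, since "setuid failed: %m" by itself does not identify the call site.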
--- modules/pam_unix/support.c
+++ modules/pam_unix/support.c 2013/09/12 07:20:51
@@ -586,7 +586,10 @@
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ D(("setuid failed"));
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
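Review bot: The failure branch reports the error only through D(("setuid failed")), a debug trace, so this path records neither errno nor a syslog entry, unlike the pam_unix_acct.c change, which calls pam_syslog(pamh, LOG_ERR, "setuid failed: %m"). If a pamh handle is reachable in this function, log the same way here so that both call sites report a setuid(0) failure consistently before _exit(PAM_AUTHINFO_UNAVAIL).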
--
Thorsten Kukuk, Senior Architect SLES & Common Code Base
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)