[Pkg-shadow-commits] r2706 - in upstream/trunk: . src
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Fri Apr 17 20:40:26 UTC 2009
Author: nekral-guest
Date: 2009-04-17 20:40:26 +0000 (Fri, 17 Apr 2009)
New Revision: 2706
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/login.c
Log:
* NEWS, src/login.c: Do not trust the current utmp entry's ut_line
to set PAM_TTY.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2009-04-15 23:36:17 UTC (rev 2705)
+++ upstream/trunk/ChangeLog 2009-04-17 20:40:26 UTC (rev 2706)
@@ -1,3 +1,8 @@
+2009-04-17 Paul Szabo <psz at maths.usyd.edu.au>
+
+ * NEWS, src/login.c: Do not trust the current utmp entry's ut_line
+ to set PAM_TTY.
+
2009-04-15 Nicolas François <nicolas.francois at centraliens.net>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
@@ -4,14 +9,14 @@
* po/*.po, man/po/*.po: Updated PO files.
* configure.in: Updated version number.
-2009-04-15 Peter Vrabec <pvrabec at redhat.com>
+2009-04-15 Peter Vrabec <pvrabec at redhat.com>
* NEWS, src/userdel.c: Fixed SE Linux support. semanage should be
called at the end.
* src/useradd.c: Always call selinux_update_mapping() (i.e.
semanage), not only when -Z is used.
-2009-04-15 Peter Vrabec <pvrabec at redhat.com>
+2009-04-15 Peter Vrabec <pvrabec at redhat.com>
* NEWS, srclib/getlong.c: Fix parsing of octal numbers.
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2009-04-15 23:36:17 UTC (rev 2705)
+++ upstream/trunk/NEWS 2009-04-17 20:40:26 UTC (rev 2706)
@@ -1,5 +1,11 @@
$Id$
+shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
+
+- login
+ * Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
+ lead to DOS attacks.
+
shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15
*** security:
Modified: upstream/trunk/src/login.c
===================================================================
--- upstream/trunk/src/login.c 2009-04-15 23:36:17 UTC (rev 2705)
+++ upstream/trunk/src/login.c 2009-04-17 20:40:26 UTC (rev 2706)
@@ -416,6 +416,7 @@
*/
int main (int argc, char **argv)
{
+ const char *tmptty;
char tty[BUFSIZ];
#ifdef RLOGIN
@@ -479,7 +480,13 @@
* entry (will not overwrite remote hostname). --marekm
*/
checkutmp (!amroot);
- STRFCPY (tty, utent.ut_line);
+
+ tmptty = ttyname (0);
+ if (NULL == tmptty) {
+ tmptty = "UNKNOWN";
+ }
+ STRFCPY (tty, tmptty);
+
#ifndef USE_PAM
is_console = console (tty);
#endif
@@ -1093,7 +1100,7 @@
#ifndef USE_PAM /* pam_lastlog handles this */
if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */
- dolastlog (&lastlog, &pwent, utent.ut_line, hostname);
+ dolastlog (&lastlog, &pwent, tty, hostname);
}
#endif
@@ -1147,7 +1154,7 @@
if (getppid() == 1) {
setsid();
if (ioctl(0, TIOCSCTTY, 1) != 0) {
- fprintf (stderr,_("TIOCSCTTY failed on %s"),tty);
+ fprintf (stderr, _("TIOCSCTTY failed on %s"), tty);
}
}
More information about the Pkg-shadow-commits
mailing list