[Pkg-shadow-devel] Re: [Pkg-shadow-commits] r407 - in
branches/experimental/debian: . patches
Nicolas François
nicolas.francois at centraliens.net
Wed Jul 27 18:44:07 UTC 2005
On Tue, Jul 26, 2005 at 07:37:29PM +0200, Nicolas François wrote:
> Tomasz, do you think this is OK? Do you have an idea how this should be
> fixed? (At least there is no mean to change the environment based on the
> user with pam_env).
Hello Tomasz,
I've seen your changes
(http://cvs.pld.org.pl/shadow/src/su.c?r1=1.39&r2=1.40)
In older revisions, newenvp was copied to environ later (when USE_PAM).
See the comment:
/* we need to setup the environment *after* pam_open_session(),
* else the UID is changed before stuff like pam_xauth could
* run, and we cannot access /etc/shadow and co
*/
Can you have a look at the attached patch?
(It also restore a comment that was there in older revisions)
> Christian, if needed, I can re-introduce the ENV_PATH/ENV_SUPATH
> variables.
It will be committed soon in a 364 patch.
Kind Regards
--
Nekral
-------------- next part --------------
Index: src/su.c
===================================================================
RCS file: /cvsroot/shadow/src/su.c,v
retrieving revision 1.40
diff -u -r1.40 su.c
--- src/su.c 27 Jul 2005 10:12:00 -0000 1.40
+++ src/su.c 27 Jul 2005 17:24:10 -0000
@@ -594,7 +594,10 @@
addenv ("PATH", cp);
}
+/* setup the environment for pam later on, else we run into auth problems */
+#ifndef USE_PAM
environ = newenvp; /* make new environment active */
+#endif /* !USE_PAM */
if (getenv ("IFS")) /* don't export user IFS ... */
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
More information about the Pkg-shadow-devel
mailing list