From e6a6605f9c9636540cc4f52735d72722271eb679 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Wed, 23 Aug 2006 09:56:42 +0000 Subject: [PATCH] - Don't chdir until after PAM bits in su (bug #197659). --- coreutils-5.2.1-runuser.patch | 4 +- coreutils-pam.patch | 128 +++++++++++++++++----------------- coreutils.spec | 5 +- 3 files changed, 69 insertions(+), 68 deletions(-) diff --git a/coreutils-5.2.1-runuser.patch b/coreutils-5.2.1-runuser.patch index c82e4ca..f23856e 100644 --- a/coreutils-5.2.1-runuser.patch +++ b/coreutils-5.2.1-runuser.patch @@ -221,7 +221,7 @@ { #ifdef SYSLOG_FAILURE log_su (pw, false); -@@ -790,10 +882,18 @@ +@@ -790,8 +882,16 @@ modify_environment (pw, shell); #ifndef USE_PAM @@ -232,8 +232,6 @@ +#endif + ); #endif - if (simulate_login && chdir (pw->pw_dir) != 0) - error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir); - run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw); + run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw diff --git a/coreutils-pam.patch b/coreutils-pam.patch index c342555..969bec6 100644 --- a/coreutils-pam.patch +++ b/coreutils-pam.patch @@ -1,16 +1,55 @@ ---- coreutils-5.92/src/Makefile.am.pam 2005-10-24 17:58:21.000000000 +0100 -+++ coreutils-5.92/src/Makefile.am 2005-10-24 17:58:21.000000000 +0100 -@@ -93,7 +93,7 @@ +--- coreutils-5.97/doc/coreutils.texi.pam 2006-02-07 08:31:28.000000000 +0000 ++++ coreutils-5.97/doc/coreutils.texi 2006-08-23 10:45:26.000000000 +0100 +@@ -12768,8 +12768,11 @@ + @findex syslog + @command{su} can optionally be compiled to use @code{syslog} to report + failed, and optionally successful, @command{su} attempts. (If the system +-supports @code{syslog}.) However, GNU @command{su} does not check if the +-user is a member of the @code{wheel} group; see below. ++supports @code{syslog}.) ++ ++This version of @command{su} has support for using PAM for ++authentication. You can edit @file{/etc/pam.d/su} to customize its ++behaviour. - uptime_LDADD = $(LDADD) $(GETLOADAVG_LIBS) + The program accepts the following options. Also see @ref{Common options}. --su_LDADD = $(LDADD) $(LIB_CRYPT) -+su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@ +@@ -12850,33 +12853,6 @@ + the exit status of the subshell otherwise + @end display - $(PROGRAMS): ../lib/libcoreutils.a +-@cindex wheel group, not supported +-@cindex group wheel, not supported +-@cindex fascism +-@subsection Why GNU @command{su} does not support the @samp{wheel} group +- +-(This section is by Richard Stallman.) +- +-@cindex Twenex +-@cindex MIT AI lab +-Sometimes a few of the users try to hold total power over all the +-rest. For example, in 1984, a few users at the MIT AI lab decided to +-seize power by changing the operator password on the Twenex system and +-keeping it secret from everyone else. (I was able to thwart this coup +-and give power back to the users by patching the kernel, but I +-wouldn't know how to do that in Unix.) +- +-However, occasionally the rulers do tell someone. Under the usual +-@command{su} mechanism, once someone learns the root password who +-sympathizes with the ordinary users, he or she can tell the rest. The +-``wheel group'' feature would make this impossible, and thus cement the +-power of the rulers. +- +-I'm on the side of the masses, not that of the rulers. If you are +-used to supporting the bosses and sysadmins in whatever they do, you +-might find this idea strange at first. +- +- + @node Process control + @chapter Process control ---- coreutils-5.92/src/su.c.pam 2005-10-24 17:58:21.000000000 +0100 -+++ coreutils-5.92/src/su.c 2005-10-24 18:06:22.000000000 +0100 +--- coreutils-5.97/src/su.c.pam 2006-08-23 10:45:26.000000000 +0100 ++++ coreutils-5.97/src/su.c 2006-08-23 10:45:33.000000000 +0100 @@ -38,6 +38,16 @@ restricts who can su to UID 0 accounts. RMS considers that to be fascist. @@ -329,72 +368,33 @@ } /* Return true if SHELL is a restricted shell (one not returned by -@@ -550,9 +758,11 @@ +@@ -550,9 +758,9 @@ shell = xstrdup (shell ? shell : pw->pw_shell); modify_environment (pw, shell); +#ifndef USE_PAM change_identity (pw); +- if (simulate_login && chdir (pw->pw_dir) != 0) +- error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir); +#endif - if (simulate_login && chdir (pw->pw_dir) != 0) - error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir); - run_shell (shell, command, argv + optind, MAX (0, argc - optind)); + run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw); } ---- coreutils-5.92/doc/coreutils.texi.pam 2005-10-16 08:26:21.000000000 +0100 -+++ coreutils-5.92/doc/coreutils.texi 2005-10-24 17:58:21.000000000 +0100 -@@ -12746,8 +12746,11 @@ - @findex syslog - @command{su} can optionally be compiled to use @code{syslog} to report - failed, and optionally successful, @command{su} attempts. (If the system --supports @code{syslog}.) However, GNU @command{su} does not check if the --user is a member of the @code{wheel} group; see below. -+supports @code{syslog}.) -+ -+This version of @command{su} has support for using PAM for -+authentication. You can edit @file{/etc/pam.d/su} to customize its -+behaviour. +--- coreutils-5.97/src/Makefile.am.pam 2006-08-23 10:45:26.000000000 +0100 ++++ coreutils-5.97/src/Makefile.am 2006-08-23 10:45:26.000000000 +0100 +@@ -92,7 +92,7 @@ - The program accepts the following options. Also see @ref{Common options}. + uptime_LDADD = $(LDADD) $(GETLOADAVG_LIBS) -@@ -12828,33 +12831,6 @@ - the exit status of the subshell otherwise - @end display +-su_LDADD = $(LDADD) $(LIB_CRYPT) ++su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@ --@cindex wheel group, not supported --@cindex group wheel, not supported --@cindex fascism --@subsection Why GNU @command{su} does not support the @samp{wheel} group -- --(This section is by Richard Stallman.) -- --@cindex Twenex --@cindex MIT AI lab --Sometimes a few of the users try to hold total power over all the --rest. For example, in 1984, a few users at the MIT AI lab decided to --seize power by changing the operator password on the Twenex system and --keeping it secret from everyone else. (I was able to thwart this coup --and give power back to the users by patching the kernel, but I --wouldn't know how to do that in Unix.) -- --However, occasionally the rulers do tell someone. Under the usual --@command{su} mechanism, once someone learns the root password who --sympathizes with the ordinary users, he or she can tell the rest. The --``wheel group'' feature would make this impossible, and thus cement the --power of the rulers. -- --I'm on the side of the masses, not that of the rulers. If you are --used to supporting the bosses and sysadmins in whatever they do, you --might find this idea strange at first. -- -- - @node Process control - @chapter Process control + $(PROGRAMS): ../lib/libcoreutils.a ---- coreutils-5.92/configure.ac.pam 2005-10-24 17:58:21.000000000 +0100 -+++ coreutils-5.92/configure.ac 2005-10-24 17:58:21.000000000 +0100 -@@ -28,6 +28,13 @@ +--- coreutils-5.97/configure.ac.pam 2006-08-23 10:45:26.000000000 +0100 ++++ coreutils-5.97/configure.ac 2006-08-23 10:45:26.000000000 +0100 +@@ -27,6 +27,13 @@ AB_INIT() AM_INIT_AUTOMAKE([1.8.3 gnits dist-bzip2]) @@ -408,9 +408,9 @@ gl_DEFAULT_POSIX2_VERSION gl_USE_SYSTEM_EXTENSIONS gl_PERL ---- coreutils-5.92/config.hin.pam 2005-10-24 17:58:21.000000000 +0100 -+++ coreutils-5.92/config.hin 2005-10-24 17:58:21.000000000 +0100 -@@ -1526,6 +1526,9 @@ +--- coreutils-5.97/config.hin.pam 2006-08-23 10:45:26.000000000 +0100 ++++ coreutils-5.97/config.hin 2006-08-23 10:45:26.000000000 +0100 +@@ -1537,6 +1537,9 @@ /* Define if you want access control list support. */ #undef USE_ACL diff --git a/coreutils.spec b/coreutils.spec index 0846a00..c502164 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,7 +1,7 @@ Summary: The GNU core utilities: a set of tools commonly used in shell scripts Name: coreutils Version: 5.97 -Release: 7 +Release: 8 License: GPL Group: System Environment/Base Url: http://www.gnu.org/software/coreutils/ @@ -280,6 +280,9 @@ fi /sbin/runuser %changelog +* Wed Aug 23 2006 Tim Waugh 5.97-8 +- Don't chdir until after PAM bits in su (bug #197659). + * Tue Aug 15 2006 Tim Waugh 5.97-7 - Fixed 'sort -b' multibyte problem (bug #199986).