From 837a5499fa7826b7c8584aaf0419a5312bd8a91a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= <tmraz@fedoraproject.org>
Date: Thu, 26 Mar 2009 09:28:14 +0000
Subject: [PATCH] - replace also other std descriptors (#491471)

---
 pam-1.0.91-std-noclose.patch | 51 +++++++++++++++++++++++++++++-------
 pam.spec                     |  5 +++-
 2 files changed, 45 insertions(+), 11 deletions(-)

diff --git a/pam-1.0.91-std-noclose.patch b/pam-1.0.91-std-noclose.patch
index b1a4af8..2bbd82c 100644
--- a/pam-1.0.91-std-noclose.patch
+++ b/pam-1.0.91-std-noclose.patch
@@ -1,7 +1,21 @@
 diff -up Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c
---- Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose	2009-03-13 17:31:17.000000000 +0100
-+++ Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c	2009-03-13 17:31:02.000000000 +0100
-@@ -137,7 +137,7 @@ create_homedir (pam_handle_t *pamh, int 
+--- Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose	2009-03-03 14:56:01.000000000 +0100
++++ Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c	2009-03-26 10:02:15.000000000 +0100
+@@ -131,13 +131,21 @@ create_homedir (pam_handle_t *pamh, int 
+    if (child == 0) {
+         int i;
+         struct rlimit rlim;
++	int dummyfds[2];
+ 	static char *envp[] = { NULL };
+ 	char *args[] = { NULL, NULL, NULL, NULL, NULL };
+ 
++	/* replace std file descriptors with a dummy pipe */
++	if (pipe(dummyfds) == 0) {
++		dup2(dummyfds[0], STDIN_FILENO);
++		dup2(dummyfds[1], STDOUT_FILENO);
++		dup2(dummyfds[2], STDERR_FILENO);
++	}
++
  	if (getrlimit(RLIMIT_NOFILE, &rlim)==0) {
            if (rlim.rlim_max >= MAX_FD_NO)
                  rlim.rlim_max = MAX_FD_NO;
@@ -12,8 +26,16 @@ diff -up Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linu
  	}
 diff -up Linux-PAM-1.0.91/modules/pam_unix/support.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/support.c
 --- Linux-PAM-1.0.91/modules/pam_unix/support.c.std-noclose	2009-03-03 14:56:01.000000000 +0100
-+++ Linux-PAM-1.0.91/modules/pam_unix/support.c	2009-03-13 17:34:02.000000000 +0100
-@@ -447,9 +447,8 @@ static int _unix_run_helper_binary(pam_h
++++ Linux-PAM-1.0.91/modules/pam_unix/support.c	2009-03-26 10:08:59.000000000 +0100
+@@ -443,13 +443,16 @@ static int _unix_run_helper_binary(pam_h
+ 
+ 	/* reopen stdin as pipe */
+ 	dup2(fds[0], STDIN_FILENO);
++	/* and replace also the stdout/err as the helper will
++           not write anything there */
++	dup2(fds[1], STDOUT_FILENO);
++	dup2(fds[1], STDERR_FILENO);
+ 
  	if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
            if (rlim.rlim_max >= MAX_FD_NO)
                  rlim.rlim_max = MAX_FD_NO;
@@ -27,8 +49,16 @@ diff -up Linux-PAM-1.0.91/modules/pam_unix/support.c.std-noclose Linux-PAM-1.0.9
  
 diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c
 --- Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c.std-noclose	2009-03-03 14:56:01.000000000 +0100
-+++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c	2009-03-13 17:32:36.000000000 +0100
-@@ -179,9 +179,8 @@ static int _unix_run_update_binary(pam_h
++++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c	2009-03-26 10:07:06.000000000 +0100
+@@ -175,13 +175,16 @@ static int _unix_run_update_binary(pam_h
+ 
+ 	/* reopen stdin as pipe */
+ 	dup2(fds[0], STDIN_FILENO);
++	/* and replace also the stdout/err as the helper will
++           not write anything there */
++	dup2(fds[1], STDOUT_FILENO);
++	dup2(fds[1], STDERR_FILENO);
+ 
  	if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
  	  if (rlim.rlim_max >= MAX_FD_NO)
  	    rlim.rlim_max = MAX_FD_NO;
@@ -42,14 +72,15 @@ diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c.std-noclose Linux-P
  
 diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c
 --- Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c.std-noclose	2009-03-03 14:56:01.000000000 +0100
-+++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c	2009-03-17 15:08:51.000000000 +0100
-@@ -100,16 +100,17 @@ int _unix_run_verify_binary(pam_handle_t
++++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c	2009-03-26 10:05:41.000000000 +0100
+@@ -100,16 +100,18 @@ int _unix_run_verify_binary(pam_handle_t
  
      /* reopen stdout as pipe */
      dup2(fds[1], STDOUT_FILENO);
-+    /* and replace also the stdin so we do not exec the helper with
++    /* and replace also the stdin, stderr so we do not exec the helper with
 +       tty as stdin, it will not read anything from there anyway */
 +    dup2(fds[0], STDIN_FILENO);
++    dup2(fds[1], STDERR_FILENO);
  
      /* XXX - should really tidy up PAM here too */
  
diff --git a/pam.spec b/pam.spec
index d88e1b3..b7ca092 100644
--- a/pam.spec
+++ b/pam.spec
@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.0.91
-Release: 3%{?dist}
+Release: 4%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 # pam_rhosts_auth module is BSD with advertising
@@ -315,6 +315,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Thu Mar 26 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-4
+- replace also other std descriptors (#491471)
+
 * Tue Mar 16 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-3
 - we must replace the stdin when execing the helper (#490644)