clear supplementary groups in pam_console handler execution

Tomas Mraz 2011-07-15 14:55:38 +02:00
parent 412141d627
commit 8de0245233
2 changed files with 6 additions and 2 deletions


@ -28,7 +28,7 @@ diff -up Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix Linux-PAM-1.1
child = fork();
switch (child) {
case -1:
@@ -246,30 +246,31 @@ execute_handler(pam_handle_t *pamh, stru
@@ -246,30 +246,32 @@ execute_handler(pam_handle_t *pamh, stru
if (!wait_exit) {
switch(fork()) {
case 0:
@ -54,6 +54,7 @@ diff -up Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix Linux-PAM-1.1
- exit(255);
+ _exit(255);
if (setgid(pw->pw_gid) == -1 ||
+ setgroups(0, NULL) == -1 ||
setuid(pw->pw_uid) == -1)
- exit(255);
+ _exit(255);
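Review bot: The new `setgroups(0, NULL) == -1 ||` term in the `setgid()`/`setuid()` chain has no comment saying why the supplementary list is emptied or that it must stay ahead of `setuid()`, so a later reorder or "cleanup" could silently bring back the inherited groups. I would add above the `if` something like `/* drop supplementary groups inherited from the caller; must precede setuid(), after which the process normally lacks the privilege to change them */`. Clearing the list, rather than calling `initgroups(pw->pw_name, pw->pw_gid)`, means the handler runs with only the user's primary group. If that is deliberate, the comment should say so, since a handler that relies on the user's secondary group membership would behave differently. The enclosing `execute_handler()` body and the `pw` lookup are outside the visible hunk, so I cannot tell from here whether `pw` is checked for NULL before this chain.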


@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.1.4
Release: 1%{?dist}
Release: 2%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
License: BSD and GPLv2+
@ -359,6 +359,9 @@ fi
%doc doc/adg/*.txt doc/adg/html
%changelog
* Fri Jul 15 2011 Tomas Mraz <tmraz@redhat.com> 1.1.4-2
- clear supplementary groups in pam_console handler execution
* Mon Jun 27 2011 Tomas Mraz <tmraz@redhat.com> 1.1.4-1
- upgrade to new upstream release