diff --git a/pam-1.0.91-std-noclose.patch b/pam-1.0.91-std-noclose.patch new file mode 100644 index 0000000..e08366f --- /dev/null +++ b/pam-1.0.91-std-noclose.patch @@ -0,0 +1,58 @@ +diff -up Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c +--- Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose 2009-03-13 17:31:17.000000000 +0100 ++++ Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c 2009-03-13 17:31:02.000000000 +0100 +@@ -137,7 +137,7 @@ create_homedir (pam_handle_t *pamh, int + if (getrlimit(RLIMIT_NOFILE, &rlim)==0) { + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; +- for (i=0; i < (int)rlim.rlim_max; i++) { ++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) { + close(i); + } + } +diff -up Linux-PAM-1.0.91/modules/pam_unix/support.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/support.c +--- Linux-PAM-1.0.91/modules/pam_unix/support.c.std-noclose 2009-03-03 14:56:01.000000000 +0100 ++++ Linux-PAM-1.0.91/modules/pam_unix/support.c 2009-03-13 17:34:02.000000000 +0100 +@@ -447,9 +447,8 @@ static int _unix_run_helper_binary(pam_h + if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; +- for (i=0; i < (int)rlim.rlim_max; i++) { +- if (i != STDIN_FILENO) +- close(i); ++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) { ++ close(i); + } + } + +diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c +--- Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c.std-noclose 2009-03-03 14:56:01.000000000 +0100 ++++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c 2009-03-13 17:32:36.000000000 +0100 +@@ -179,9 +179,8 @@ static int _unix_run_update_binary(pam_h + if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; +- for (i=0; i < (int)rlim.rlim_max; i++) { +- if (i != STDIN_FILENO) +- close(i); ++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) { ++ close(i); + } + } + +diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c +--- Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c.std-noclose 2009-03-03 14:56:01.000000000 +0100 ++++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c 2009-03-13 17:33:21.000000000 +0100 +@@ -106,10 +106,8 @@ int _unix_run_verify_binary(pam_handle_t + if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; +- for (i=0; i < (int)rlim.rlim_max; i++) { +- if (i != STDOUT_FILENO) { +- close(i); +- } ++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) { ++ close(i); + } + } + diff --git a/pam.spec b/pam.spec index 7445de1..bf7a8f1 100644 --- a/pam.spec +++ b/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.0.91 -Release: 1%{?dist} +Release: 2%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, # pam_rhosts_auth module is BSD with advertising @@ -20,6 +20,7 @@ Source9: system-auth.5 Source10: config-util.5 Source11: 90-nproc.conf Patch1: pam-1.0.90-redhat-modules.patch +Patch2: pam-1.0.91-std-noclose.patch %define _sbindir /sbin %define _moduledir /%{_lib}/security @@ -81,6 +82,7 @@ PAM-aware applications and modules for use with PAM. mv pam-redhat-%{pam_redhat_version}/* modules %patch1 -p1 -b .redhat-modules +%patch2 -p1 -b .std-noclose autoreconf @@ -313,6 +315,9 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Mon Mar 16 2009 Tomas Mraz 1.0.91-2 +- do not close stdout/err when execing the helpers (#488147) + * Mon Mar 9 2009 Tomas Mraz 1.0.91-1 - upgrade to new upstream release