- upgrade to new upstream version resolving CVE-2007-0003

- pam_namespace: unmount poly dir for override users
This commit is contained in:
Tomáš Mráz 2007-01-24 12:14:29 +00:00
parent d1daca3136
commit bbd6bf031f
5 changed files with 144 additions and 9 deletions

View File

@ -1,5 +1,5 @@
db-4.5.20.tar.gz
*.src.rpm
*.tar.bz2
Linux-PAM-0.99.7.0.tar.bz2
pam-redhat-0.99.7-1.tar.bz2
Linux-PAM-0.99.7.1.tar.bz2

View File

@ -0,0 +1,8 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://www.kernel.org/signature.html for info
iD8DBQBFtgDAyGugalF9Dw4RArOyAJ0duc7/WqnlX1+LfjYsUOQsJhICOgCfdWDb
aMzAtzhCqvu+IxJTFwXx/kk=
=I+NT
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,125 @@
--- Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c.unmnt-override 2007-01-22 14:06:31.000000000 +0100
+++ Linux-PAM-0.99.7.0/modules/pam_namespace/pam_namespace.c 2007-01-23 16:41:57.000000000 +0100
@@ -417,17 +417,18 @@
* uids for the polyinstantiated directory, polyinstantiation is not
* performed for that user for that directory.
*/
-static int ns_override(struct polydir_s *polyptr, struct instance_data *idata)
+static int ns_override(struct polydir_s *polyptr, struct instance_data *idata,
+ uid_t uid)
{
unsigned int i;
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG,
"Checking for ns override in dir %s for uid %d",
- polyptr->dir, idata->uid);
+ polyptr->dir, uid);
for (i = 0; i < polyptr->num_uids; i++) {
- if (idata->uid == polyptr->uid[i]) {
+ if (uid == polyptr->uid[i]) {
return 1;
}
}
@@ -1013,21 +1014,46 @@
int retval = 0, need_poly = 0, changing_dir = 0;
char *cptr, *fptr, poly_parent[PATH_MAX];
struct polydir_s *pptr;
+ uid_t req_uid;
+ const void *ruser_name;
+ struct passwd *pwd;
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG, "Set up namespace for pid %d",
getpid());
+ retval = pam_get_item(idata->pamh, PAM_RUSER, &ruser_name);
+ if (ruser_name == NULL || retval != PAM_SUCCESS) {
+ retval = PAM_SUCCESS;
+ req_uid = getuid();
+ } else {
+ pwd = pam_modutil_getpwnam(idata->pamh, ruser_name);
+ if (pwd != NULL) {
+ req_uid = pwd->pw_uid;
+ } else {
+ req_uid = getuid();
+ }
+ }
+
/*
* Cycle through all polyinstantiated directory entries to see if
* polyinstantiation is needed at all.
*/
for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
- if (ns_override(pptr, idata)) {
- if (idata->flags & PAMNS_DEBUG)
- pam_syslog(idata->pamh, LOG_DEBUG,
+ if (ns_override(pptr, idata, idata->uid)) {
+ if (unmnt == NO_UNMNT || ns_override(pptr, idata, req_uid)) {
+ if (idata->flags & PAMNS_DEBUG)
+ pam_syslog(idata->pamh, LOG_DEBUG,
"Overriding poly for user %d for dir %s",
idata->uid, pptr->dir);
+ } else {
+ if (idata->flags & PAMNS_DEBUG)
+ pam_syslog(idata->pamh, LOG_DEBUG,
+ "Need unmount ns for user %d for dir %s",
+ idata->uid, pptr->dir);
+ need_poly = 1;
+ break;
+ }
continue;
} else {
if (idata->flags & PAMNS_DEBUG)
@@ -1057,15 +1083,20 @@
* call ns_setup to setup polyinstantiation for a particular entry.
*/
for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
- if (ns_override(pptr, idata))
- continue;
- else {
- if (idata->flags & PAMNS_DEBUG)
+ enum unmnt_op dir_unmnt = unmnt;
+ if (ns_override(pptr, idata, idata->uid)) {
+ if (unmnt == NO_UNMNT || ns_override(pptr, idata, req_uid)) {
+ continue;
+ } else {
+ dir_unmnt = UNMNT_ONLY;
+ }
+ }
+ if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG,
"Setting poly ns for user %d for dir %s",
idata->uid, pptr->dir);
- if ((unmnt == UNMNT_REMNT) || (unmnt == UNMNT_ONLY)) {
+ if ((dir_unmnt == UNMNT_REMNT) || (dir_unmnt == UNMNT_ONLY)) {
/*
* Check to see if process current directory is in the
* bind mounted instance_parent directory that we are trying to
@@ -1105,13 +1136,12 @@
} else if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG, "Umount succeeded %s",
pptr->dir);
- }
+ }
- if (unmnt != UNMNT_ONLY) {
+ if (dir_unmnt != UNMNT_ONLY) {
retval = ns_setup(pptr, idata);
if (retval != PAM_SUCCESS)
break;
- }
}
}
@@ -1138,7 +1168,7 @@
* appropriate polyinstantiated instance directories.
*/
for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
- if (ns_override(pptr, idata))
+ if (ns_override(pptr, idata, idata->uid))
continue;
else {
if (idata->flags & PAMNS_DEBUG)

View File

@ -10,8 +10,8 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 0.99.7.0
Release: 2%{?dist}
Version: 0.99.7.1
Release: 1%{?dist}
License: GPL or BSD
Group: System Environment/Base
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@ -25,9 +25,7 @@ Source8: dlopen.sh
Source9: system-auth.5
Source10: config-util.5
Patch1: pam-0.99.7.0-redhat-modules.patch
Patch2: pam-0.99.7.0-selinux-build.patch
Patch21: pam-0.78-unix-hpux-aging.patch
Patch22: pam-0.99.7.0-unix-minsalt.patch
Patch34: pam-0.99.7.0-dbpam.patch
Patch70: pam-0.99.2.1-selinux-nofail.patch
Patch80: pam-0.99.6.2-selinux-drop-multiple.patch
@ -38,6 +36,7 @@ Patch86: pam-0.99.7.0-namespace-no-unmount.patch
Patch87: pam-0.99.6.2-namespace-preserve-uid.patch
Patch92: pam-0.99.6.2-selinux-select-context.patch
Patch93: pam-0.99.7.0-namespace-level.patch
Patch94: pam-0.99.7.0-namespace-unmnt-override.patch
Patch95: pam-0.99.6.2-selinux-use-current-range.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -92,9 +91,7 @@ cp %{SOURCE6} .
cp %{SOURCE7} .
%patch1 -p1 -b .redhat-modules
%patch2 -p1 -b .build
%patch21 -p1 -b .unix-hpux-aging
%patch22 -p1 -b .minsalt
%patch34 -p1 -b .dbpam
%patch70 -p1 -b .nofail
%patch80 -p1 -b .drop-multiple
@ -105,6 +102,7 @@ cp %{SOURCE7} .
%patch87 -p1 -b .preserve-uid
%patch92 -p1 -b .select-context
%patch93 -p1 -b .level
%patch94 -p1 -b .unmnt-override
%patch95 -p1 -b .range
autoreconf
@ -397,9 +395,13 @@ fi
%doc doc/adg/*.txt doc/adg/html
%changelog
* Wed Jan 24 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-1
- upgrade to new upstream version resolving CVE-2007-0003
- pam_namespace: unmount poly dir for override users
* Mon Jan 22 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.0-2
- add back min salt length requirement which was erroneously removed
upstream
upstream (CVE-2007-0003)
* Fri Jan 19 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.0-1
- upgrade to new upstream version

View File

@ -1,3 +1,3 @@
b0f1c777708cb8e9d37fb47e7ed3312d db-4.5.20.tar.gz
e4c9e503ac6af0efdd6031a46bdf506f Linux-PAM-0.99.7.0.tar.bz2
66845048120c71205bd3363264f2bfe7 pam-redhat-0.99.7-1.tar.bz2
385458dfb4633071594e255a6ebec9da Linux-PAM-0.99.7.1.tar.bz2