pam_unix: do not fail with bad ld.so.preload
This commit is contained in:
Tomas Mraz
parent
858c76dcd3
commit
bc16a79c57
@ -1,6 +1,6 @@
|
|||||||
diff -up Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c
|
diff -up Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c
|
||||||
--- Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
|
--- Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
|
||||||
+++ Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c 2012-08-17 13:25:20.684075361 +0200
|
+++ Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c 2013-04-23 17:07:46.565362820 +0200
|
||||||
@@ -133,13 +133,21 @@ create_homedir (pam_handle_t *pamh, opti
|
@@ -133,13 +133,21 @@ create_homedir (pam_handle_t *pamh, opti
|
||||||
if (child == 0) {
|
if (child == 0) {
|
||||||
int i;
|
int i;
|
||||||
@ -10,7 +10,7 @@ diff -up Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux
|
|||||||
char *args[] = { NULL, NULL, NULL, NULL, NULL };
|
char *args[] = { NULL, NULL, NULL, NULL, NULL };
|
||||||
|
|
||||||
+ /* replace std file descriptors with a dummy pipe */
|
+ /* replace std file descriptors with a dummy pipe */
|
||||||
+ if (pipe(dummyfds) == 0) {
|
+ if (pipe2(dummyfds, O_NONBLOCK) == 0) {
|
||||||
+ dup2(dummyfds[0], STDIN_FILENO);
|
+ dup2(dummyfds[0], STDIN_FILENO);
|
||||||
+ dup2(dummyfds[1], STDOUT_FILENO);
|
+ dup2(dummyfds[1], STDOUT_FILENO);
|
||||||
+ dup2(dummyfds[1], STDERR_FILENO);
|
+ dup2(dummyfds[1], STDERR_FILENO);
|
||||||
@ -26,16 +26,24 @@ diff -up Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux
|
|||||||
}
|
}
|
||||||
diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c
|
diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c
|
||||||
--- Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
|
--- Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
|
||||||
+++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c 2012-08-17 13:22:51.664560481 +0200
|
+++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c 2013-04-23 17:10:28.928870251 +0200
|
||||||
@@ -105,16 +105,18 @@ int _unix_run_verify_binary(pam_handle_t
|
@@ -100,21 +100,26 @@ int _unix_run_verify_binary(pam_handle_t
|
||||||
|
if (child == 0) {
|
||||||
|
int i=0;
|
||||||
|
struct rlimit rlim;
|
||||||
|
+ int dummyfds[2];
|
||||||
|
static char *envp[] = { NULL };
|
||||||
|
char *args[] = { NULL, NULL, NULL, NULL };
|
||||||
|
|
||||||
/* reopen stdout as pipe */
|
/* reopen stdout as pipe */
|
||||||
dup2(fds[1], STDOUT_FILENO);
|
dup2(fds[1], STDOUT_FILENO);
|
||||||
+ /* and replace also the stdin, stderr so we do not exec the helper with
|
|
||||||
+ tty as stdin, it will not read anything from there anyway */
|
|
||||||
+ dup2(fds[0], STDIN_FILENO);
|
|
||||||
+ dup2(fds[1], STDERR_FILENO);
|
|
||||||
|
|
||||||
|
+ /* replace std file descriptors with a dummy pipe */
|
||||||
|
+ if (pipe2(dummyfds, O_NONBLOCK) == 0) {
|
||||||
|
+ dup2(dummyfds[0], STDIN_FILENO);
|
||||||
|
+ dup2(dummyfds[1], STDERR_FILENO);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
/* XXX - should really tidy up PAM here too */
|
/* XXX - should really tidy up PAM here too */
|
||||||
|
|
||||||
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
|
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
|
||||||
@ -52,47 +60,63 @@ diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-
|
|||||||
|
|
||||||
diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c
|
diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c
|
||||||
--- Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
|
--- Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
|
||||||
+++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c 2012-08-17 14:10:38.917346789 +0200
|
+++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c 2013-04-23 17:13:49.047499806 +0200
|
||||||
@@ -210,13 +210,16 @@ static int _unix_run_update_binary(pam_h
|
@@ -202,6 +202,7 @@ static int _unix_run_update_binary(pam_h
|
||||||
|
if (child == 0) {
|
||||||
|
int i=0;
|
||||||
|
struct rlimit rlim;
|
||||||
|
+ int dummyfds[2];
|
||||||
|
static char *envp[] = { NULL };
|
||||||
|
char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL };
|
||||||
|
char buffer[16];
|
||||||
|
@@ -211,11 +212,17 @@ static int _unix_run_update_binary(pam_h
|
||||||
/* reopen stdin as pipe */
|
/* reopen stdin as pipe */
|
||||||
dup2(fds[0], STDIN_FILENO);
|
dup2(fds[0], STDIN_FILENO);
|
||||||
+ /* and replace also the stdout/err as the helper will
|
|
||||||
+ not write anything there */
|
|
||||||
+ dup2(fds[1], STDOUT_FILENO);
|
|
||||||
+ dup2(fds[1], STDERR_FILENO);
|
|
||||||
|
|
||||||
|
+ /* replace std file descriptors with a dummy pipe */
|
||||||
|
+ if (pipe2(dummyfds, O_NONBLOCK) == 0) {
|
||||||
|
+ dup2(dummyfds[1], STDOUT_FILENO);
|
||||||
|
+ dup2(dummyfds[1], STDERR_FILENO);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
|
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
|
||||||
if (rlim.rlim_max >= MAX_FD_NO)
|
if (rlim.rlim_max >= MAX_FD_NO)
|
||||||
rlim.rlim_max = MAX_FD_NO;
|
rlim.rlim_max = MAX_FD_NO;
|
||||||
- for (i=0; i < (int)rlim.rlim_max; i++) {
|
- for (i=0; i < (int)rlim.rlim_max; i++) {
|
||||||
- if (i != STDIN_FILENO)
|
- if (i != STDIN_FILENO)
|
||||||
- close(i);
|
|
||||||
+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
|
+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
|
||||||
+ close(i);
|
+ if (i != dummyfds[0])
|
||||||
|
close(i);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
diff -up Linux-PAM-1.1.6/modules/pam_unix/support.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/support.c
|
diff -up Linux-PAM-1.1.6/modules/pam_unix/support.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/support.c
|
||||||
--- Linux-PAM-1.1.6/modules/pam_unix/support.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
|
--- Linux-PAM-1.1.6/modules/pam_unix/support.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
|
||||||
+++ Linux-PAM-1.1.6/modules/pam_unix/support.c 2012-08-17 14:12:10.833511475 +0200
|
+++ Linux-PAM-1.1.6/modules/pam_unix/support.c 2013-04-23 17:16:47.505061373 +0200
|
||||||
@@ -469,13 +469,16 @@ static int _unix_run_helper_binary(pam_h
|
@@ -462,6 +462,7 @@ static int _unix_run_helper_binary(pam_h
|
||||||
|
if (child == 0) {
|
||||||
|
int i=0;
|
||||||
|
struct rlimit rlim;
|
||||||
|
+ int dummyfds[2];
|
||||||
|
static char *envp[] = { NULL };
|
||||||
|
char *args[] = { NULL, NULL, NULL, NULL };
|
||||||
|
|
||||||
|
@@ -470,11 +471,17 @@ static int _unix_run_helper_binary(pam_h
|
||||||
/* reopen stdin as pipe */
|
/* reopen stdin as pipe */
|
||||||
dup2(fds[0], STDIN_FILENO);
|
dup2(fds[0], STDIN_FILENO);
|
||||||
+ /* and replace also the stdout/err as the helper will
|
|
||||||
+ not write anything there */
|
|
||||||
+ dup2(fds[1], STDOUT_FILENO);
|
|
||||||
+ dup2(fds[1], STDERR_FILENO);
|
|
||||||
|
|
||||||
|
+ /* replace std file descriptors with a dummy pipe */
|
||||||
|
+ if (pipe2(dummyfds, O_NONBLOCK) == 0) {
|
||||||
|
+ dup2(dummyfds[1], STDOUT_FILENO);
|
||||||
|
+ dup2(dummyfds[1], STDERR_FILENO);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
|
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
|
||||||
if (rlim.rlim_max >= MAX_FD_NO)
|
if (rlim.rlim_max >= MAX_FD_NO)
|
||||||
rlim.rlim_max = MAX_FD_NO;
|
rlim.rlim_max = MAX_FD_NO;
|
||||||
- for (i=0; i < (int)rlim.rlim_max; i++) {
|
- for (i=0; i < (int)rlim.rlim_max; i++) {
|
||||||
- if (i != STDIN_FILENO)
|
- if (i != STDIN_FILENO)
|
||||||
- close(i);
|
|
||||||
+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
|
+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
|
||||||
+ close(i);
|
+ if (i != dummyfds[0])
|
||||||
|
close(i);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
5
pam.spec
5
pam.spec
@ -3,7 +3,7 @@
|
|||||||
Summary: An extensible library which provides authentication for applications
|
Summary: An extensible library which provides authentication for applications
|
||||||
Name: pam
|
Name: pam
|
||||||
Version: 1.1.6
|
Version: 1.1.6
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
# The library is BSD licensed with option to relicense as GPLv2+
|
# The library is BSD licensed with option to relicense as GPLv2+
|
||||||
# - this option is redundant as the BSD license allows that anyway.
|
# - this option is redundant as the BSD license allows that anyway.
|
||||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||||
@ -389,6 +389,9 @@ fi
|
|||||||
%doc doc/adg/*.txt doc/adg/html
|
%doc doc/adg/*.txt doc/adg/html
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 23 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-10
|
||||||
|
- pam_unix: do not fail with bad ld.so.preload
|
||||||
|
|
||||||
* Fri Mar 22 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-9
|
* Fri Mar 22 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-9
|
||||||
- do not fail if btmp file is corrupted (#906852)
|
- do not fail if btmp file is corrupted (#906852)
|
||||||
- fix strict aliasing warnings in build
|
- fix strict aliasing warnings in build
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user