rpms/sudo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- fix #154511 – sudo does not use limits.conf

Browse Source
This commit is contained in:
kzak 2005-05-24 14:52:13 +00:00
parent 1099aa2c67
commit cc2f1bd45b
2 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
sudo-1.6.8p8-pam-sess.patch Normal file
View File

@ -0,0 +1,32 @@
--- sudo-1.6.8p8/auth/pam.c.sess 2005-05-24 16:38:35.976866872 +0200
+++ sudo-1.6.8p8/auth/pam.c 2005-05-24 16:39:50.061604280 +0200
@@ -175,6 +175,8 @@
pam_prep_user(pw)
struct passwd *pw;
{
+ int error;
+
if (pamh == NULL)
pam_init(pw, NULL, NULL);
@@ -195,6 +197,20 @@
*/
(void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ /*
+ * That's enough initialize PAM session in this function, because
+ * sudo calls it before exec()
+ */
+ if ((error = pam_open_session(pamh, 0))!=PAM_SUCCESS) {
+ pam_end(pamh, error);
+ return(AUTH_FAILURE);
+ }
+ /*
+ * For example settings from pam_limits are persistent after pam_session_close() and
+ * it's probably more clean call pam_close_session() than omit it.
+ */
+ pam_close_session(pamh, 0);
+
if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS)
return(AUTH_SUCCESS);
else

11
sudo.spec
View File

@ -4,7 +4,7 @@
Summary: Allows restricted root access for specified users. Summary: Allows restricted root access for specified users.
Name: sudo Name: sudo
Version: 1.6.8p8 Version: 1.6.8p8
Release: 1 Release: 2
License: BSD License: BSD
Group: Applications/System Group: Applications/System
Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@ -17,6 +17,8 @@ BuildRequires: pam-devel, groff
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
%endif %endif
# 154511 sudo does not use limits.conf
Patch2: sudo-1.6.8p8-pam-sess.patch
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
@ -36,6 +38,8 @@ on many different machines.
%patch1 -p1 -b .selinux %patch1 -p1 -b .selinux
%endif %endif
%patch2 -p1 -b .sess
%build %build
%ifarch s390 s390x %ifarch s390 s390x
F_PIE=-fPIE F_PIE=-fPIE
@ -71,7 +75,7 @@ cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
auth required pam_stack.so service=system-auth auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth session required pam_limits.so
EOF EOF
@ -101,6 +105,9 @@ rm -rf $RPM_BUILD_ROOT
/bin/chmod 0440 /etc/sudoers || : /bin/chmod 0440 /etc/sudoers || :
%changelog %changelog
* Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
- fix #154511 sudo does not use limits.conf
* Mon Apr 4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1 * Mon Apr 4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
- new version 1.6.8p8: new sudoedit and sudo_noexec - new version 1.6.8p8: new sudoedit and sudo_noexec