vncsession: use /bin/sh if the user shell is not set

Resolves: RHEL-52827
This commit is contained in:
Jan Grulich 2024-08-05 13:07:51 +02:00
parent 2ae9746371
commit 81e5dc3954
2 changed files with 36 additions and 1 deletions

View File

@ -0,0 +1,29 @@
From 4db34f73d461b973867ddaf18bf690219229cd7a Mon Sep 17 00:00:00 2001
From: Carlos Santos <casantos@redhat.com>
Date: Thu, 25 Jul 2024 18:39:59 -0300
Subject: [PATCH] vncsession: use /bin/sh if the user shell is not set
An empty shell field in the password file is valid, although not common.
Use /bin/sh in this case, as documented in the passwd(5) man page, since
the vncserver script requires a non-empty SHELL environment variable.
Fixes issue #1786.
Signed-off-by: Carlos Santos <casantos@redhat.com>
---
unix/vncserver/vncsession.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
index 1ee096c7c..98a0432aa 100644
--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
@@ -545,7 +545,7 @@ run_script(const char *username, const char *display, char **envp)
// Set up some basic environment for the script
setenv("HOME", pwent->pw_dir, 1);
- setenv("SHELL", pwent->pw_shell, 1);
+ setenv("SHELL", *pwent->pw_shell != '\0' ? pwent->pw_shell : "/bin/sh", 1);
setenv("LOGNAME", pwent->pw_name, 1);
setenv("USER", pwent->pw_name, 1);
setenv("USERNAME", pwent->pw_name, 1);

View File

@ -5,7 +5,7 @@
Name: tigervnc Name: tigervnc
Version: 1.13.1 Version: 1.13.1
Release: 12%{?dist} Release: 13%{?dist}
Summary: A TigerVNC remote display system Summary: A TigerVNC remote display system
%global _hardened_build 1 %global _hardened_build 1
@ -30,6 +30,7 @@ Patch3: tigervnc-dont-install-appstream-metadata-file.patch
Patch50: tigervnc-support-username-alias-in-plainusers.patch Patch50: tigervnc-support-username-alias-in-plainusers.patch
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
Patch52: tigervnc-add-option-to-force-view-only-remote-connections.patch Patch52: tigervnc-add-option-to-force-view-only-remote-connections.patch
Patch53: tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch
# Upstreamable patches # Upstreamable patches
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
@ -197,6 +198,7 @@ popd
%patch50 -p1 -b .support-username-alias-in-plainusers %patch50 -p1 -b .support-username-alias-in-plainusers
%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd %patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
%patch52 -p1 -b .add-option-to-force-view-only-remote-connections %patch52 -p1 -b .add-option-to-force-view-only-remote-connections
%patch53 -p1 -b .tigervnc-vncsession-use-bin-sh-when-shell-not-set
# Upstreamable patches # Upstreamable patches
%patch80 -p1 -b .dont-get-pointer-position-for-floating-device %patch80 -p1 -b .dont-get-pointer-position-for-floating-device
@ -354,6 +356,10 @@ fi
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog %changelog
* Mon Aug 05 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-13
- vncsession: use /bin/sh if the user shell is not set
Resolves: RHEL-52827
* Fri Jul 12 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-12 * Fri Jul 12 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-12
- Fix FTBS: drop already applied Xorg patches - Fix FTBS: drop already applied Xorg patches
Resolves: RHEL-46696 Resolves: RHEL-46696