rpms/tigervnc
7
0
Fork 0
Code Issues Pull Requests Releases Activity

vncsession: use /bin/sh if the user shell is not set

Browse Source 
Resolves: RHEL-50679
This commit is contained in:
Jan Grulich 2024-08-05 13:07:51 +02:00
parent 45289fbdbc
commit c27de8c289
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch Normal file
View File

@ -0,0 +1,29 @@
From 4db34f73d461b973867ddaf18bf690219229cd7a Mon Sep 17 00:00:00 2001
From: Carlos Santos <casantos@redhat.com>
Date: Thu, 25 Jul 2024 18:39:59 -0300
Subject: [PATCH] vncsession: use /bin/sh if the user shell is not set
An empty shell field in the password file is valid, although not common.
Use /bin/sh in this case, as documented in the passwd(5) man page, since
the vncserver script requires a non-empty SHELL environment variable.
Fixes issue #1786.
Signed-off-by: Carlos Santos <casantos@redhat.com>
---
unix/vncserver/vncsession.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
index 1ee096c7c..98a0432aa 100644
--- a/unix/vncserver/vncsession.c
+++ b/unix/vncserver/vncsession.c
@@ -545,7 +545,7 @@ run_script(const char *username, const char *display, char **envp)
// Set up some basic environment for the script
setenv("HOME", pwent->pw_dir, 1);
- setenv("SHELL", pwent->pw_shell, 1);
+ setenv("SHELL", *pwent->pw_shell != '\0' ? pwent->pw_shell : "/bin/sh", 1);
setenv("LOGNAME", pwent->pw_name, 1);
setenv("USER", pwent->pw_name, 1);
setenv("USERNAME", pwent->pw_name, 1);

8
tigervnc.spec
View File

@ -5,7 +5,7 @@
Name: tigervnc Name: tigervnc
Version: 1.13.1 Version: 1.13.1
Release: 10%{?dist} Release: 11%{?dist}
Summary: A TigerVNC remote display system Summary: A TigerVNC remote display system
%global _hardened_build 1 %global _hardened_build 1
@ -29,6 +29,7 @@ Patch2: tigervnc-vncsession-restore-script-systemd-service.patch
Patch50: tigervnc-support-username-alias-in-plainusers.patch Patch50: tigervnc-support-username-alias-in-plainusers.patch
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
Patch52: tigervnc-add-option-to-force-view-only-remote-connections.patch Patch52: tigervnc-add-option-to-force-view-only-remote-connections.patch
Patch53: tigervnc-vncsession-use-bin-sh-when-shell-not-set.patch
# Upstreamable patches # Upstreamable patches
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
@ -200,6 +201,7 @@ popd
%patch50 -p1 -b .support-username-alias-in-plainusers %patch50 -p1 -b .support-username-alias-in-plainusers
%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd %patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
%patch52 -p1 -b .add-option-to-force-view-only-remote-connections %patch52 -p1 -b .add-option-to-force-view-only-remote-connections
%patch53 -p1 -b .tigervnc-vncsession-use-bin-sh-when-shell-not-set
# Upstreamable patches # Upstreamable patches
%patch80 -p1 -b .dont-get-pointer-position-for-floating-device %patch80 -p1 -b .dont-get-pointer-position-for-floating-device
@ -385,6 +387,10 @@ fi
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog %changelog
* Mon Aug 05 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-11
- vncsession: use /bin/sh if the user shell is not set
Resolves: RHEL-50679
* Tue May 28 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10 * Tue May 28 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-10
- vncconfig: add option to force view-only remote client connections - vncconfig: add option to force view-only remote client connections
Resolves: RHEL-12144 Resolves: RHEL-12144