- Use %%{?_smp_mflags}

- Use the four-parameter version of %%defattr
- Be more paranoid about dropping privileges
- Set PAM_TTY

usermode-1.102-PAM_TTY.patch

@@ -0,0 +1,100 @@
+# HG changeset patch
+# User Miloslav Trmač <mitr@redhat.com>
+# Date 1265372688 -3600
+# Node ID 9a7b1e69d0a8213092caf45beb52c07a8d334ea3
+# Parent  8a897830e2d8745a72eb4236f02a981cfdc95528
+Set PAM_TTY if known.
+
+2010-02-05  Miloslav Trmač  <mitr@redhat.com>
+
+	* userhelper.c (set_pam_items): New function.
+	(passwd, chfn, wrap): Use pam_set_items.
+
+diff -r 8a897830e2d8 -r 9a7b1e69d0a8 ChangeLog
+--- a/ChangeLog	Thu Feb 04 23:00:17 2010 +0100
++++ b/ChangeLog	Fri Feb 05 13:24:48 2010 +0100
+@@ -1,3 +1,8 @@
++2010-02-05  Miloslav Trmač  <mitr@redhat.com>
++
++	* userhelper.c (set_pam_items): New function.
++	(passwd, chfn, wrap): Use pam_set_items.
++
+ 2010-02-04  Miloslav Trmač  <mitr@redhat.com>
+ 
+ 	* userhelper.c (become_super): Check for failures of the system
+diff -r 8a897830e2d8 -r 9a7b1e69d0a8 userhelper.c
+--- a/userhelper.c	Thu Feb 04 23:00:17 2010 +0100
++++ b/userhelper.c	Fri Feb 05 13:24:48 2010 +0100
+@@ -1102,6 +1102,31 @@
+ 	return NULL;
+ }
+ 
++/* Set various attributes of DATA, including the requesting user USER. */
++static void
++set_pam_items(struct app_data *data, const char *user)
++{
++	int retval;
++	char *tty;
++
++	retval = pam_set_item(data->pamh, PAM_RUSER, user);
++	if (retval != PAM_SUCCESS) {
++		debug_msg("userhelper: pam_set_item(PAM_RUSER) failed\n");
++		fail_exit(data, retval);
++	}
++
++	tty = ttyname(STDIN_FILENO);
++	if (tty != NULL) {
++		if (strncmp(tty, "/dev/", 5) == 0)
++			tty += 5;
++		retval = pam_set_item(data->pamh, PAM_TTY, tty);
++		if (retval != PAM_SUCCESS) {
++			debug_msg("userhelper: pam_set_item(PAM_TTY) failed\n");
++			fail_exit(data, retval);
++		}
++	}
++}
++
+ /* Change the user's password using the indicated conversation function and
+  * application data (which includes the ability to cancel if the user requests
+  * it.  For this task, we don't retry on failure. */
+@@ -1118,11 +1143,7 @@
+ 		fail_exit(conv->appdata_ptr, retval);
+ 	}
+ 
+-	retval = pam_set_item(data->pamh, PAM_RUSER, user);
+-	if (retval != PAM_SUCCESS) {
+-		debug_msg("userhelper: pam_set_item(PAM_RUSER) failed\n");
+-		fail_exit(conv->appdata_ptr, retval);
+-	}
++	set_pam_items(data, user);
+ 
+ 	debug_msg("userhelper: changing password for \"%s\"\n", user);
+ 	retval = pam_chauthtok(data->pamh, 0);
+@@ -1195,12 +1216,7 @@
+ 		fail_exit(conv->appdata_ptr, retval);
+ 	}
+ 
+-	/* Set the requesting user. */
+-	retval = pam_set_item(data->pamh, PAM_RUSER, user);
+-	if (retval != PAM_SUCCESS) {
+-		debug_msg("userhelper: pam_set_item(PAM_RUSER) failed\n");
+-		fail_exit(conv->appdata_ptr, retval);
+-	}
++	set_pam_items(data, user);
+ 
+ 	/* Try to authenticate the user. */
+ 	do {
+@@ -1742,12 +1758,7 @@
+ 		fail_exit(conv->appdata_ptr, retval);
+ 	}
+ 
+-	/* Set the requesting user. */
+-	retval = pam_set_item(data->pamh, PAM_RUSER, user);
+-	if (retval != PAM_SUCCESS) {
+-		debug_msg("userhelper: pam_set_item(PAM_RUSER) failed\n");
+-		fail_exit(conv->appdata_ptr, retval);
+-	}
++	set_pam_items(data, user);
+ 
+ 	/* Try to authenticate the user. */
+ 	do {

usermode-1.102-paranoia.patch

@@ -0,0 +1,94 @@
+# HG changeset patch
+# User Miloslav Trmač <mitr@redhat.com>
+# Date 1265320817 -3600
+# Node ID 8a897830e2d8745a72eb4236f02a981cfdc95528
+# Parent  0dcd3edc6d56d65d8f02b31a9c807b1c152232c5
+Be more paranoid about manipulating user/group IDs.
+
+2010-02-04  Miloslav Trmač  <mitr@redhat.com>
+
+	* userhelper.c (become_super): Check for failures of the system
+	calls in addition to verifying the expected results.
+	(become_normal): Check for failures of the system
+	calls in addition to verifying the expected results.  Call setregid()
+	as well.  Verify the real gid/uid values.
+
+diff -r 0dcd3edc6d56 -r 8a897830e2d8 ChangeLog
+--- a/ChangeLog	Sun Dec 06 17:02:50 2009 +0000
++++ b/ChangeLog	Thu Feb 04 23:00:17 2010 +0100
+@@ -1,3 +1,11 @@
++2010-02-04  Miloslav Trmač  <mitr@redhat.com>
++
++	* userhelper.c (become_super): Check for failures of the system
++	calls in addition to verifying the expected results.
++	(become_normal): Check for failures of the system
++	calls in addition to verifying the expected results.  Call setregid()
++	as well.  Verify the real gid/uid values.
++
+ 2009-10-05  Miloslav Trmač  <mitr@redhat.com>
+ 
+ 	* configure.ac: Release 1.102.
+diff -r 0dcd3edc6d56 -r 8a897830e2d8 userhelper.c
+--- a/userhelper.c	Sun Dec 06 17:02:50 2009 +0000
++++ b/userhelper.c	Thu Feb 04 23:00:17 2010 +0100
+@@ -985,17 +985,20 @@
+ static void
+ become_super(void)
+ {
+-	/* Become the superuser. */
+-	setgroups(0, NULL);
+-	setregid(0, 0);
+-	setreuid(0, 0);
+-	/* Yes, setuid() and friends can fail, even for superusers. */
++	/* Become the superuser.
++	   Yes, setuid() and friends can fail, even for superusers. */
++	if (setgroups(0, NULL) != 0 ||
++	    setregid(0, 0) != 0 ||
++	    setreuid(0, 0) != 0) {
++		debug_msg("userhelper: set*id() failure: %s\n",
++			  strerror(errno));
++		exit(ERR_EXEC_FAILED);
++	}
+ 	if ((geteuid() != 0) ||
+ 	    (getuid() != 0) ||
+ 	    (getegid() != 0) ||
+ 	    (getgid() != 0)) {
+-		debug_msg("userhelper: set*id() failure: %s\n",
+-			  strerror(errno));
++		debug_msg("userhelper: set*id() didn't work\n");
+ 		exit(ERR_EXEC_FAILED);
+ 	}
+ }
+@@ -1003,17 +1006,26 @@
+ static void
+ become_normal(const char *user)
+ {
+-	/* Join the groups of the user who invoked us. */
+-	initgroups(user, getgid());
++	gid_t gid;
++	uid_t uid;
++
++	gid = getgid();
++	uid = getuid();
++	/* Become the user who invoked us. */
++	if (initgroups(user, gid) != 0 ||
++	    setregid(gid, gid) != 0 ||
++	    setreuid(uid, uid) != 0) {
++		debug_msg("userhelper: set*id() failure: %s\n",
++			  strerror(errno));
++		exit(ERR_EXEC_FAILED);
++	}
+ 	/* Verify that we're back to normal. */
+-	if (getegid() != getgid()) {
++	if (getegid() != gid || getgid() != gid) {
+ 		debug_msg("userhelper: still setgid()\n");
+ 		exit(ERR_EXEC_FAILED);
+ 	}
+-	/* Become the user who invoked us. */
+-	setreuid(getuid(), getuid());
+ 	/* Yes, setuid() can fail. */
+-	if (geteuid() != getuid()) {
++	if (geteuid() != uid || getuid() != uid) {
+ 		debug_msg("userhelper: still setuid()\n");
+ 		exit(ERR_EXEC_FAILED);
+ 	}

usermode.spec

@@ -1,11 +1,15 @@
 Summary: Tools for certain user account management tasks
 Name: usermode
 Version: 1.102
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: https://fedorahosted.org/usermode/
 Source: https://fedorahosted.org/releases/u/s/usermode/usermode-%{version}.tar.bz2
+# Committed upstream
+Patch0: usermode-1.102-paranoia.patch
+# Committed upstream
+Patch1: usermode-1.102-PAM_TTY.patch
 Requires: pam, passwd, util-linux
 BuildRequires: desktop-file-utils, gettext, glib2-devel, gtk2-devel, intltool
 BuildRequires: libblkid-devel, libSM-devel, libselinux-devel, libuser-devel
@@ -35,11 +39,13 @@ graphical tools for certain account management tasks.
 
 %prep
 %setup -q
+%patch0 -p1 -b .paranoia
+%patch1 -p1 -b .PAM_TTY
 
 %build
 %configure --with-selinux
 
-make
+make %{?_smp_mflags}
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -74,7 +80,7 @@ done
 rm -rf $RPM_BUILD_ROOT
 
 %files -f %{name}.lang
-%defattr(-,root,root)
+%defattr(-,root,root,-)
 %doc COPYING ChangeLog NEWS README
 %attr(4711,root,root) /usr/sbin/userhelper
 %{_bindir}/consolehelper
@@ -94,7 +100,7 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace) /etc/security/console.apps/poweroff
 
 %files gtk
-%defattr(-,root,root)
+%defattr(-,root,root,-)
 %{_bindir}/usermount
 %{_mandir}/man1/usermount.1*
 %{_bindir}/userformat
@@ -112,6 +118,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/applications/*
 
 %changelog
+* Fri Feb  5 2010 Miloslav Trmač <mitr@redhat.com> - 1.102-2
+- Use %%{?_smp_mflags}
+- Use the four-parameter version of %%defattr
+- Be more paranoid about dropping privileges
+- Set PAM_TTY
+
 * Mon Oct  5 2009 Miloslav Trmač <mitr@redhat.com> - 1.102-1
 - Update to usermode-1.102