From f19b5b86a16b75b296c070a6f3ac51470a7b4613 Mon Sep 17 00:00:00 2001 From: Miloslav Trmac Date: Fri, 5 Feb 2010 15:05:00 +0000 Subject: [PATCH] - Use %%{?_smp_mflags} - Use the four-parameter version of %%defattr - Be more paranoid about dropping privileges - Set PAM_TTY --- usermode-1.102-PAM_TTY.patch | 100 ++++++++++++++++++++++++++++++++++ usermode-1.102-paranoia.patch | 94 ++++++++++++++++++++++++++++++++ usermode.spec | 20 +++++-- 3 files changed, 210 insertions(+), 4 deletions(-) create mode 100644 usermode-1.102-PAM_TTY.patch create mode 100644 usermode-1.102-paranoia.patch diff --git a/usermode-1.102-PAM_TTY.patch b/usermode-1.102-PAM_TTY.patch new file mode 100644 index 0000000..846d14c --- /dev/null +++ b/usermode-1.102-PAM_TTY.patch @@ -0,0 +1,100 @@ +# HG changeset patch +# User Miloslav Trmač +# Date 1265372688 -3600 +# Node ID 9a7b1e69d0a8213092caf45beb52c07a8d334ea3 +# Parent 8a897830e2d8745a72eb4236f02a981cfdc95528 +Set PAM_TTY if known. + +2010-02-05 Miloslav Trmač + + * userhelper.c (set_pam_items): New function. + (passwd, chfn, wrap): Use pam_set_items. + +diff -r 8a897830e2d8 -r 9a7b1e69d0a8 ChangeLog +--- a/ChangeLog Thu Feb 04 23:00:17 2010 +0100 ++++ b/ChangeLog Fri Feb 05 13:24:48 2010 +0100 +@@ -1,3 +1,8 @@ ++2010-02-05 Miloslav Trmač ++ ++ * userhelper.c (set_pam_items): New function. ++ (passwd, chfn, wrap): Use pam_set_items. ++ + 2010-02-04 Miloslav Trmač + + * userhelper.c (become_super): Check for failures of the system +diff -r 8a897830e2d8 -r 9a7b1e69d0a8 userhelper.c +--- a/userhelper.c Thu Feb 04 23:00:17 2010 +0100 ++++ b/userhelper.c Fri Feb 05 13:24:48 2010 +0100 +@@ -1102,6 +1102,31 @@ + return NULL; + } + ++/* Set various attributes of DATA, including the requesting user USER. */ ++static void ++set_pam_items(struct app_data *data, const char *user) ++{ ++ int retval; ++ char *tty; ++ ++ retval = pam_set_item(data->pamh, PAM_RUSER, user); ++ if (retval != PAM_SUCCESS) { ++ debug_msg("userhelper: pam_set_item(PAM_RUSER) failed\n"); ++ fail_exit(data, retval); ++ } ++ ++ tty = ttyname(STDIN_FILENO); ++ if (tty != NULL) { ++ if (strncmp(tty, "/dev/", 5) == 0) ++ tty += 5; ++ retval = pam_set_item(data->pamh, PAM_TTY, tty); ++ if (retval != PAM_SUCCESS) { ++ debug_msg("userhelper: pam_set_item(PAM_TTY) failed\n"); ++ fail_exit(data, retval); ++ } ++ } ++} ++ + /* Change the user's password using the indicated conversation function and + * application data (which includes the ability to cancel if the user requests + * it. For this task, we don't retry on failure. */ +@@ -1118,11 +1143,7 @@ + fail_exit(conv->appdata_ptr, retval); + } + +- retval = pam_set_item(data->pamh, PAM_RUSER, user); +- if (retval != PAM_SUCCESS) { +- debug_msg("userhelper: pam_set_item(PAM_RUSER) failed\n"); +- fail_exit(conv->appdata_ptr, retval); +- } ++ set_pam_items(data, user); + + debug_msg("userhelper: changing password for \"%s\"\n", user); + retval = pam_chauthtok(data->pamh, 0); +@@ -1195,12 +1216,7 @@ + fail_exit(conv->appdata_ptr, retval); + } + +- /* Set the requesting user. */ +- retval = pam_set_item(data->pamh, PAM_RUSER, user); +- if (retval != PAM_SUCCESS) { +- debug_msg("userhelper: pam_set_item(PAM_RUSER) failed\n"); +- fail_exit(conv->appdata_ptr, retval); +- } ++ set_pam_items(data, user); + + /* Try to authenticate the user. */ + do { +@@ -1742,12 +1758,7 @@ + fail_exit(conv->appdata_ptr, retval); + } + +- /* Set the requesting user. */ +- retval = pam_set_item(data->pamh, PAM_RUSER, user); +- if (retval != PAM_SUCCESS) { +- debug_msg("userhelper: pam_set_item(PAM_RUSER) failed\n"); +- fail_exit(conv->appdata_ptr, retval); +- } ++ set_pam_items(data, user); + + /* Try to authenticate the user. */ + do { diff --git a/usermode-1.102-paranoia.patch b/usermode-1.102-paranoia.patch new file mode 100644 index 0000000..94218f3 --- /dev/null +++ b/usermode-1.102-paranoia.patch @@ -0,0 +1,94 @@ +# HG changeset patch +# User Miloslav Trmač +# Date 1265320817 -3600 +# Node ID 8a897830e2d8745a72eb4236f02a981cfdc95528 +# Parent 0dcd3edc6d56d65d8f02b31a9c807b1c152232c5 +Be more paranoid about manipulating user/group IDs. + +2010-02-04 Miloslav Trmač + + * userhelper.c (become_super): Check for failures of the system + calls in addition to verifying the expected results. + (become_normal): Check for failures of the system + calls in addition to verifying the expected results. Call setregid() + as well. Verify the real gid/uid values. + +diff -r 0dcd3edc6d56 -r 8a897830e2d8 ChangeLog +--- a/ChangeLog Sun Dec 06 17:02:50 2009 +0000 ++++ b/ChangeLog Thu Feb 04 23:00:17 2010 +0100 +@@ -1,3 +1,11 @@ ++2010-02-04 Miloslav Trmač ++ ++ * userhelper.c (become_super): Check for failures of the system ++ calls in addition to verifying the expected results. ++ (become_normal): Check for failures of the system ++ calls in addition to verifying the expected results. Call setregid() ++ as well. Verify the real gid/uid values. ++ + 2009-10-05 Miloslav Trmač + + * configure.ac: Release 1.102. +diff -r 0dcd3edc6d56 -r 8a897830e2d8 userhelper.c +--- a/userhelper.c Sun Dec 06 17:02:50 2009 +0000 ++++ b/userhelper.c Thu Feb 04 23:00:17 2010 +0100 +@@ -985,17 +985,20 @@ + static void + become_super(void) + { +- /* Become the superuser. */ +- setgroups(0, NULL); +- setregid(0, 0); +- setreuid(0, 0); +- /* Yes, setuid() and friends can fail, even for superusers. */ ++ /* Become the superuser. ++ Yes, setuid() and friends can fail, even for superusers. */ ++ if (setgroups(0, NULL) != 0 || ++ setregid(0, 0) != 0 || ++ setreuid(0, 0) != 0) { ++ debug_msg("userhelper: set*id() failure: %s\n", ++ strerror(errno)); ++ exit(ERR_EXEC_FAILED); ++ } + if ((geteuid() != 0) || + (getuid() != 0) || + (getegid() != 0) || + (getgid() != 0)) { +- debug_msg("userhelper: set*id() failure: %s\n", +- strerror(errno)); ++ debug_msg("userhelper: set*id() didn't work\n"); + exit(ERR_EXEC_FAILED); + } + } +@@ -1003,17 +1006,26 @@ + static void + become_normal(const char *user) + { +- /* Join the groups of the user who invoked us. */ +- initgroups(user, getgid()); ++ gid_t gid; ++ uid_t uid; ++ ++ gid = getgid(); ++ uid = getuid(); ++ /* Become the user who invoked us. */ ++ if (initgroups(user, gid) != 0 || ++ setregid(gid, gid) != 0 || ++ setreuid(uid, uid) != 0) { ++ debug_msg("userhelper: set*id() failure: %s\n", ++ strerror(errno)); ++ exit(ERR_EXEC_FAILED); ++ } + /* Verify that we're back to normal. */ +- if (getegid() != getgid()) { ++ if (getegid() != gid || getgid() != gid) { + debug_msg("userhelper: still setgid()\n"); + exit(ERR_EXEC_FAILED); + } +- /* Become the user who invoked us. */ +- setreuid(getuid(), getuid()); + /* Yes, setuid() can fail. */ +- if (geteuid() != getuid()) { ++ if (geteuid() != uid || getuid() != uid) { + debug_msg("userhelper: still setuid()\n"); + exit(ERR_EXEC_FAILED); + } diff --git a/usermode.spec b/usermode.spec index ed49a89..472eb71 100644 --- a/usermode.spec +++ b/usermode.spec @@ -1,11 +1,15 @@ Summary: Tools for certain user account management tasks Name: usermode Version: 1.102 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: Applications/System URL: https://fedorahosted.org/usermode/ Source: https://fedorahosted.org/releases/u/s/usermode/usermode-%{version}.tar.bz2 +# Committed upstream +Patch0: usermode-1.102-paranoia.patch +# Committed upstream +Patch1: usermode-1.102-PAM_TTY.patch Requires: pam, passwd, util-linux BuildRequires: desktop-file-utils, gettext, glib2-devel, gtk2-devel, intltool BuildRequires: libblkid-devel, libSM-devel, libselinux-devel, libuser-devel @@ -35,11 +39,13 @@ graphical tools for certain account management tasks. %prep %setup -q +%patch0 -p1 -b .paranoia +%patch1 -p1 -b .PAM_TTY %build %configure --with-selinux -make +make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT @@ -74,7 +80,7 @@ done rm -rf $RPM_BUILD_ROOT %files -f %{name}.lang -%defattr(-,root,root) +%defattr(-,root,root,-) %doc COPYING ChangeLog NEWS README %attr(4711,root,root) /usr/sbin/userhelper %{_bindir}/consolehelper @@ -94,7 +100,7 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) /etc/security/console.apps/poweroff %files gtk -%defattr(-,root,root) +%defattr(-,root,root,-) %{_bindir}/usermount %{_mandir}/man1/usermount.1* %{_bindir}/userformat @@ -112,6 +118,12 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/applications/* %changelog +* Fri Feb 5 2010 Miloslav Trmač - 1.102-2 +- Use %%{?_smp_mflags} +- Use the four-parameter version of %%defattr +- Be more paranoid about dropping privileges +- Set PAM_TTY + * Mon Oct 5 2009 Miloslav Trmač - 1.102-1 - Update to usermode-1.102