summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKees Cook <kees@debian.org>2011-10-13 12:50:26 -0700
committerSteve Langasek <vorlon@debian.org>2019-01-08 22:11:47 -0800
commit10bf286f98fb2c571db240c4a58ecb77e2a4f6de (patch)
tree9957afb4435f074d128f8a5182bd037732f5f48d
parente5d6334b09673bd2ba996a2a6bf597fda864a879 (diff)
* debian/patches-applied/008_modules_pam_limits_chroot:
- fix off-by-one when parsing configuration file. - when using chroot, chdir() to root to lose links to old tree.
-rw-r--r--debian/changelog3
-rw-r--r--debian/patches-applied/008_modules_pam_limits_chroot36
2 files changed, 23 insertions, 16 deletions
diff --git a/debian/changelog b/debian/changelog
index 1edb6d0b..471576b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ pam (1.1.3-5) UNRELEASED; urgency=low
* debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use
setresgid() to wipe out saved-gid just in case.
+ * debian/patches-applied/008_modules_pam_limits_chroot:
+ - fix off-by-one when parsing configuration file.
+ - when using chroot, chdir() to root to lose links to old tree.
-- Kees Cook <kees@debian.org> Thu, 13 Oct 2011 12:31:03 -0700
diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot
index 46befadd..034a9472 100644
--- a/debian/patches-applied/008_modules_pam_limits_chroot
+++ b/debian/patches-applied/008_modules_pam_limits_chroot
@@ -1,7 +1,7 @@
-Index: pam.deb/modules/pam_limits/pam_limits.c
+Index: pam-debian/modules/pam_limits/pam_limits.c
===================================================================
---- pam.deb.orig/modules/pam_limits/pam_limits.c
-+++ pam.deb/modules/pam_limits/pam_limits.c
+--- pam-debian.orig/modules/pam_limits/pam_limits.c 2011-10-10 16:22:04.834687620 -0700
++++ pam-debian/modules/pam_limits/pam_limits.c 2011-10-10 16:35:22.120782459 -0700
@@ -79,6 +79,7 @@
int flag_numsyslogins; /* whether to limit logins only for a
specific user or to count all logins */
@@ -48,18 +48,20 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
#ifdef __USE_FILE_OFFSET64
rlimit_value = strtoull (lim_value, &endptr, 10);
#else
-@@ -487,7 +493,9 @@
+@@ -487,7 +493,11 @@
#endif
}
- if ( (limit_item != LIMIT_LOGIN)
-+ if (limit_item == LIMIT_CHROOT)
-+ strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir));
++ if (limit_item == LIMIT_CHROOT) {
++ strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir)-1);
++ pl->chroot_dir[sizeof(pl->chroot_dir)-1]='\0';
++ }
+ else if ( (limit_item != LIMIT_LOGIN)
&& (limit_item != LIMIT_NUMSYSLOGINS)
&& (limit_item != LIMIT_PRI) ) {
if (limit_type & LIMIT_SOFT) {
-@@ -689,6 +697,13 @@
+@@ -689,6 +699,15 @@
retval |= LOGIN_ERR;
}
@@ -67,16 +69,18 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
+ i = chdir(pl->chroot_dir);
+ if (i == 0)
+ i = chroot(pl->chroot_dir);
++ if (i == 0)
++ i = chdir("/");
+ if (i != 0)
+ retval = LIMIT_ERR;
+ }
return retval;
}
-Index: pam.deb/modules/pam_limits/limits.conf.5.xml
+Index: pam-debian/modules/pam_limits/limits.conf.5.xml
===================================================================
---- pam.deb.orig/modules/pam_limits/limits.conf.5.xml
-+++ pam.deb/modules/pam_limits/limits.conf.5.xml
+--- pam-debian.orig/modules/pam_limits/limits.conf.5.xml 2011-10-10 16:22:04.782686961 -0700
++++ pam-debian/modules/pam_limits/limits.conf.5.xml 2011-10-10 16:25:59.789664947 -0700
@@ -224,6 +224,12 @@
(Linux 2.6.12 and higher)</para>
</listitem>
@@ -90,10 +94,10 @@ Index: pam.deb/modules/pam_limits/limits.conf.5.xml
</variablelist>
</listitem>
</varlistentry>
-Index: pam.deb/modules/pam_limits/limits.conf.5
+Index: pam-debian/modules/pam_limits/limits.conf.5
===================================================================
---- pam.deb.orig/modules/pam_limits/limits.conf.5
-+++ pam.deb/modules/pam_limits/limits.conf.5
+--- pam-debian.orig/modules/pam_limits/limits.conf.5 2011-10-10 16:22:04.770686808 -0700
++++ pam-debian/modules/pam_limits/limits.conf.5 2011-10-10 16:25:59.789664947 -0700
@@ -1,161 +1,22 @@
+'\" t
.\" Title: limits.conf
@@ -339,10 +343,10 @@ Index: pam.deb/modules/pam_limits/limits.conf.5
.if n \{\
.RE
.\}
-Index: pam.deb/modules/pam_limits/limits.conf
+Index: pam-debian/modules/pam_limits/limits.conf
===================================================================
---- pam.deb.orig/modules/pam_limits/limits.conf
-+++ pam.deb/modules/pam_limits/limits.conf
+--- pam-debian.orig/modules/pam_limits/limits.conf 2011-10-10 16:22:04.806687265 -0700
++++ pam-debian/modules/pam_limits/limits.conf 2011-10-10 16:25:59.789664947 -0700
@@ -35,6 +35,7 @@
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]