authorThorsten Kukuk <kukuk@thkukuk.de>2010-08-13 08:59:53 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2010-08-13 08:59:53 +0000
commit07b5f4ce482ef22270a6c18ba01d108c065b9de2 (patch)
tree442ccb5407d52983b81a937dc83c0c035a3493eb /modules/pam_env
parent660464aa88967f55ab3ec7d54cba20757d884634 (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2010-08-12 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_mail/pam_mail.c: Check for mail only with user privileges. * modules/pam_xauth/pam_xauth.c (run_coprocess): Check return value of setgid, setgroups and setuid. * modules/pam_xauth/pam_xauth.c (check_acl): Save errno for later usage. * modules/pam_env/pam_env.c (handle_env): Check if user exists, read local user config only with user privileges.
Diffstat (limited to 'modules/pam_env')
-rw-r--r--modules/pam_env/pam_env.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 84953104..4e5f6eb3 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -23,6 +23,7 @@
#include <string.h>
#include <syslog.h>
#include <sys/stat.h>
+#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>
@@ -772,13 +773,14 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv)
if(user_readenv && retval == PAM_SUCCESS) {
char *envpath = NULL;
- struct passwd *user_entry;
+ struct passwd *user_entry = NULL;
const char *username;
struct stat statbuf;
username = _pam_get_item_byname(pamh, "PAM_USER");
- user_entry = pam_modutil_getpwnam (pamh, username);
+ if (username)
+ user_entry = pam_modutil_getpwnam (pamh, username);
if (!user_entry) {
pam_syslog(pamh, LOG_ERR, "No such user!?");
}
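Review bot: With the new `if (username)` guard, an unset PAM_USER and a failed passwd lookup both end in the same `"No such user!?"` message, so the two failures cannot be told apart in the logs. Logging the unset case separately, for example `else pam_syslog(pamh, LOG_ERR, "PAM_USER is not set");` directly after the guarded lookup, would keep them distinguishable. The `!user_entry` branch shown here only logs; whether the rest of the block is skipped in that case is decided outside the hunk.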
@@ -789,7 +791,10 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv)
return PAM_BUF_ERR;
}
if (stat(envpath, &statbuf) == 0) {
+ uid_t euid = geteuid();
+ setfsuid (user_entry->pw_uid);
retval = _parse_config_file(pamh, envpath);
+ setfsuid (euid);
if (retval == PAM_IGNORE)
retval = PAM_SUCCESS;
}
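Review bot: The privilege switch around `_parse_config_file` is never verified and covers only the filesystem UID: `setfsuid (user_entry->pw_uid);` returns the previous fsuid and has no error return, so if the switch does not take effect the user's file is still parsed with the caller's privileges. The filesystem GID and supplementary groups are left as they were, and the `stat(envpath, &statbuf)` above the added lines still runs before the switch. I would save the value `setfsuid` returns instead of `geteuid()`, confirm the switch with a second call, and skip parsing when it fails, as sketched below; group handling would need the same treatment and is not shown. `user_entry` is dereferenced here, and the guard that keeps a NULL entry away from this code is outside the hunk.

```c
if (stat(envpath, &statbuf) == 0) {
  /* the return value is the fsuid that was in effect before the call */
  uid_t saved_fsuid = setfsuid (user_entry->pw_uid);

  /* setfsuid() reports no error; a second call returns the fsuid now in
     effect, which shows whether the switch actually happened */
  if ((uid_t) setfsuid (user_entry->pw_uid) == user_entry->pw_uid) {
    retval = _parse_config_file(pamh, envpath);
  } else {
    pam_syslog(pamh, LOG_ERR, "Unable to switch fsuid to user");
    retval = PAM_SESSION_ERR;   /* error code to be chosen by the maintainer */
  }
  setfsuid (saved_fsuid);
  /* … unchanged: PAM_IGNORE mapped to PAM_SUCCESS … */
```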