summaryrefslogtreecommitdiff
path: root/modules/pam_mail
diff options
context:
space:
mode:
authorDmitry V. Levin <ldv@altlinux.org>2010-10-03 21:00:53 +0000
committerDmitry V. Levin <ldv@altlinux.org>2010-10-03 21:00:53 +0000
commit0b1055f64657dc0bf175f75c23470b2be7630451 (patch)
treef5957bb81fcfcf982d122c1d8ebdd4c81be9b73a /modules/pam_mail
parentc388a2730d012b5101d264c83f8db586acd3a70c (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2010-10-04 Dmitry V. Levin <ldv@altlinux.org> * libpam/pam_modutil_priv.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (struct pam_modutil_privs, PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv, pam_modutil_regain_priv): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface. * modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise. (pam_sm_open_session): Remove redundant fchown call. Fixes CVE-2010-3430, CVE-2010-3431.
Diffstat (limited to 'modules/pam_mail')
-rw-r--r--modules/pam_mail/pam_mail.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c
index c19cbbe3..f5ba1733 100644
--- a/modules/pam_mail/pam_mail.c
+++ b/modules/pam_mail/pam_mail.c
@@ -17,7 +17,6 @@
#include <syslog.h>
#include <sys/stat.h>
#include <sys/types.h>
-#include <sys/fsuid.h>
#include <unistd.h>
#include <dirent.h>
#include <errno.h>
@@ -444,9 +443,18 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc,
if ((est && !(ctrl & PAM_NO_LOGIN))
|| (!est && (ctrl & PAM_LOGOUT_TOO))) {
- uid_t fsuid = setfsuid(pwd->pw_uid);
- type = get_mail_status(pamh, ctrl, folder);
- setfsuid(fsuid);
+ PAM_MODUTIL_DEF_PRIVS(privs);
+
+ if (pam_modutil_drop_priv(pamh, &privs, pwd)) {
+ retval = PAM_SESSION_ERR;
+ goto do_mail_cleanup;
+ } else {
+ type = get_mail_status(pamh, ctrl, folder);
+ if (pam_modutil_regain_priv(pamh, &privs)) {
+ retval = PAM_SESSION_ERR;
+ goto do_mail_cleanup;
+ }
+ }
if (type != 0) {
retval = report_mail(pamh, ctrl, type, folder);