diff options
Diffstat (limited to 'debian/patches-applied/036_pam_wheel_getlogin_considered_harmful')
-rw-r--r-- | debian/patches-applied/036_pam_wheel_getlogin_considered_harmful | 334 |
1 files changed, 203 insertions, 131 deletions
diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful index 50f62cee..20f408a3 100644 --- a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful +++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful @@ -105,156 +105,228 @@ Index: pam.deb/modules/pam_wheel/pam_wheel.8 =================================================================== --- pam.deb.orig/modules/pam_wheel/pam_wheel.8 +++ pam.deb/modules/pam_wheel/pam_wheel.8 -@@ -1,64 +1,59 @@ +@@ -1,161 +1,13 @@ ++'\" t .\" Title: pam_wheel - .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/> --.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/> -+.\" Date: 07/27/2008 + .\" Author: [see the "AUTHOR" section] +-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/> +-.\" Date: 03/02/2009 ++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> ++.\" Date: 08/24/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual + .\" Language: English .\" --.TH "PAM_WHEEL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WHEEL" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l - .SH "NAME" --pam_wheel - Only permit root access to members of group wheel -+pam_wheel \- Only permit root access to members of group wheel - .SH "SYNOPSIS" - .HP 13 --\fBpam_wheel\.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] +-.TH "PAM_WHEEL" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual" +-.\" ----------------------------------------------------------------- +-.\" * (re)Define some macros +-.\" ----------------------------------------------------------------- +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" toupper - uppercase a string (locale-aware) +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.de toupper +-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ +-\\$* +-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz +-.. +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" SH-xref - format a cross-reference to an SH section +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.de SH-xref +-.ie n \{\ +-.\} +-.toupper \\$* +-.el \{\ +-\\$* +-.\} +-.. +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" SH - level-one heading that works better for non-TTY output +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.de1 SH +-.\" put an extra blank line of space above the head in non-TTY output +-.if t \{\ +-.sp 1 +-.\} +-.sp \\n[PD]u +-.nr an-level 1 +-.set-an-margin +-.nr an-prevailing-indent \\n[IN] +-.fi +-.in \\n[an-margin]u +-.ti 0 +-.HTML-TAG ".NH \\n[an-level]" +-.it 1 an-trap +-.nr an-no-space-flag 1 +-.nr an-break-flag 1 +-\." make the size of the head bigger +-.ps +3 +-.ft B +-.ne (2v + 1u) +-.ie n \{\ +-.\" if n (TTY output), use uppercase +-.toupper \\$* +-.\} +-.el \{\ +-.nr an-break-flag 0 +-.\" if not n (not TTY), use normal case (not uppercase) +-\\$1 +-.in \\n[an-margin]u +-.ti 0 +-.\" if not n (not TTY), put a border/line under subheading +-.sp -.6 +-\l'\n(.lu' +-.\} +-.. +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" SS - level-two heading that works better for non-TTY output +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.de1 SS +-.sp \\n[PD]u +-.nr an-level 1 +-.set-an-margin +-.nr an-prevailing-indent \\n[IN] +-.fi +-.in \\n[IN]u +-.ti \\n[SN]u +-.it 1 an-trap +-.nr an-no-space-flag 1 +-.nr an-break-flag 1 +-.ps \\n[PS-SS]u +-\." make the size of the head bigger +-.ps +2 +-.ft B +-.ne (2v + 1u) +-.if \\n[.$] \&\\$* +-.. +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" BB/BE - put background/screen (filled box) around block of text +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.de BB +-.if t \{\ +-.sp -.5 +-.br +-.in +2n +-.ll -2n +-.gcolor red +-.di BX +-.\} +-.. +-.de EB +-.if t \{\ +-.if "\\$2"adjust-for-leading-newline" \{\ +-.sp -1 +-.\} +-.br +-.di +-.in +-.ll +-.gcolor +-.nr BW \\n(.lu-\\n(.i +-.nr BH \\n(dn+.5v +-.ne \\n(BHu+.5v +-.ie "\\$2"adjust-for-leading-newline" \{\ +-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] +-.\} +-.el \{\ +-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] +-.\} +-.in 0 +-.sp -.5v +-.nf +-.BX +-.in +-.sp .5v +-.fi +-.\} +-.. +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.\" BM/EM - put colored marker in margin next to block of text +-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-.de BM +-.if t \{\ +-.br +-.ll -2n +-.gcolor red +-.di BX +-.\} +-.. +-.de EM +-.if t \{\ +-.br +-.di +-.ll +-.gcolor +-.nr BH \\n(dn +-.ne \\n(BHu +-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] +-.in 0 +-.nf +-.BX +-.in +-.fi +-.\} +-.. ++.TH "PAM_WHEEL" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * set default formatting + .\" ----------------------------------------------------------------- +@@ -166,13 +18,11 @@ + .\" ----------------------------------------------------------------- + .\" * MAIN CONTENT STARTS HERE * + .\" ----------------------------------------------------------------- +-.SH "Name" ++.SH "NAME" + pam_wheel \- Only permit root access to members of group wheel +-.SH "Synopsis" +-.fam C ++.SH "SYNOPSIS" + .HP \w'\fBpam_wheel\&.so\fR\ 'u +-\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] +-.fam +\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] .SH "DESCRIPTION" .PP The pam_wheel PAM module is used to enforce the so\-called - \fIwheel\fR --group\. By default it permits root access to the system if the applicant user is a member of the -+group\&. By default it permits root access to the system if the applicant user is a member of the - \fIwheel\fR --group\. If no group with this name exist, the module is using the group with the group\-ID --\fB0\fR\. -+group\&. If no group with this name exist, the module is using the group with the group\-ID -+\fB0\fR\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBdeny\fR - .RS 4 - Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the - \fBgroup\fR --option), deny access\. Conversely, if the user is not in the group, return PAM_IGNORE (unless -+option), deny access\&. Conversely, if the user is not in the group, return PAM_IGNORE (unless - \fBtrust\fR --was also specified, in which case we return PAM_SUCCESS)\. -+was also specified, in which case we return PAM_SUCCESS)\&. - .RE - .PP - \fBgroup=\fR\fB\fIname\fR\fR - .RS 4 - Instead of checking the wheel or GID 0 groups, use the - \fB\fIname\fR\fR --group to perform the authentication\. -+group to perform the authentication\&. - .RE - .PP - \fBroot_only\fR +@@ -213,11 +63,6 @@ .RS 4 --The check for wheel membership is done only\. -+The check for wheel membership is done only\&. + The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. .RE - .PP - \fBtrust\fR - .RS 4 --The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\. --.RE -.PP -\fBuse_uid\fR -.RS 4 --The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\. -+The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. - .RE - .SH "MODULE SERVICES PROVIDED" - .PP -@@ -66,52 +61,52 @@ - \fBauth\fR - and - \fBaccount\fR --services are supported\. -+services are supported\&. - .SH "RETURN VALUES" - .PP - PAM_AUTH_ERR - .RS 4 --Authentication failure\. -+Authentication failure\&. - .RE - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_IGNORE - .RS 4 --The return value should be ignored by PAM dispatch\. -+The return value should be ignored by PAM dispatch\&. - .RE - .PP - PAM_PERM_DENY - .RS 4 --Permission denied\. -+Permission denied\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Cannot determine the user name\. -+Cannot determine the user name\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Success\. -+Success\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" +-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&. +-.RE + .SH "MODULE TYPES PROVIDED" .PP --The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\. -+The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\&. - .sp + The +@@ -268,26 +113,12 @@ + .if n \{\ .RS 4 + .\} +-.fam C +-.ps -1 .nf --su auth sufficient pam_rootok\.so --su auth required pam_wheel\.so --su auth required pam_unix\.so -+su auth sufficient pam_rootok\&.so -+su auth required pam_wheel\&.so -+su auth required pam_unix\&.so +-.if t \{\ +-.sp -1 +-.\} +-.BB lightgray adjust-for-leading-newline +-.sp -1 +- + su auth sufficient pam_rootok\&.so + su auth required pam_wheel\&.so + su auth required pam_unix\&.so +-.EB lightgray adjust-for-leading-newline +-.if t \{\ +-.sp 1 +-.\} .fi +-.fam +-.ps +1 + .if n \{\ .RE -@@ -124,4 +119,4 @@ - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_wheel was written by Cristian Gafton <gafton@redhat\.com>\. -+pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&. + .\} Index: pam.deb/modules/pam_wheel/README =================================================================== --- pam.deb.orig/modules/pam_wheel/README |