Diffstat (limited to 'debian/patches-applied/036_pam_wheel_getlogin_considered_harmful')
-rw-r--r--debian/patches-applied/036_pam_wheel_getlogin_considered_harmful334
1 files changed, 203 insertions, 131 deletions
diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
index 50f62cee..20f408a3 100644
--- a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
+++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
@@ -105,156 +105,228 @@ Index: pam.deb/modules/pam_wheel/pam_wheel.8
===================================================================
--- pam.deb.orig/modules/pam_wheel/pam_wheel.8
+++ pam.deb/modules/pam_wheel/pam_wheel.8
-@@ -1,64 +1,59 @@
+@@ -1,161 +1,13 @@
++'\" t
.\" Title: pam_wheel
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
--.\" Date: 04/16/2008
-+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
-+.\" Date: 07/27/2008
+ .\" Author: [see the "AUTHOR" section]
+-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+-.\" Date: 03/02/2009
++.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
++.\" Date: 08/24/2009
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
+ .\" Language: English
.\"
--.TH "PAM_WHEEL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_WHEEL" "8" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
- .ad l
- .SH "NAME"
--pam_wheel - Only permit root access to members of group wheel
-+pam_wheel \- Only permit root access to members of group wheel
- .SH "SYNOPSIS"
- .HP 13
--\fBpam_wheel\.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
+-.TH "PAM_WHEEL" "8" "03/02/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.\" -----------------------------------------------------------------
+-.\" * (re)Define some macros
+-.\" -----------------------------------------------------------------
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" toupper - uppercase a string (locale-aware)
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de toupper
+-.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+-\\$*
+-.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH-xref - format a cross-reference to an SH section
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de SH-xref
+-.ie n \{\
+-.\}
+-.toupper \\$*
+-.el \{\
+-\\$*
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SH - level-one heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SH
+-.\" put an extra blank line of space above the head in non-TTY output
+-.if t \{\
+-.sp 1
+-.\}
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[an-margin]u
+-.ti 0
+-.HTML-TAG ".NH \\n[an-level]"
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-\." make the size of the head bigger
+-.ps +3
+-.ft B
+-.ne (2v + 1u)
+-.ie n \{\
+-.\" if n (TTY output), use uppercase
+-.toupper \\$*
+-.\}
+-.el \{\
+-.nr an-break-flag 0
+-.\" if not n (not TTY), use normal case (not uppercase)
+-\\$1
+-.in \\n[an-margin]u
+-.ti 0
+-.\" if not n (not TTY), put a border/line under subheading
+-.sp -.6
+-\l'\n(.lu'
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" SS - level-two heading that works better for non-TTY output
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de1 SS
+-.sp \\n[PD]u
+-.nr an-level 1
+-.set-an-margin
+-.nr an-prevailing-indent \\n[IN]
+-.fi
+-.in \\n[IN]u
+-.ti \\n[SN]u
+-.it 1 an-trap
+-.nr an-no-space-flag 1
+-.nr an-break-flag 1
+-.ps \\n[PS-SS]u
+-\." make the size of the head bigger
+-.ps +2
+-.ft B
+-.ne (2v + 1u)
+-.if \\n[.$] \&\\$*
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BB/BE - put background/screen (filled box) around block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BB
+-.if t \{\
+-.sp -.5
+-.br
+-.in +2n
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EB
+-.if t \{\
+-.if "\\$2"adjust-for-leading-newline" \{\
+-.sp -1
+-.\}
+-.br
+-.di
+-.in
+-.ll
+-.gcolor
+-.nr BW \\n(.lu-\\n(.i
+-.nr BH \\n(dn+.5v
+-.ne \\n(BHu+.5v
+-.ie "\\$2"adjust-for-leading-newline" \{\
+-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.el \{\
+-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+-.\}
+-.in 0
+-.sp -.5v
+-.nf
+-.BX
+-.in
+-.sp .5v
+-.fi
+-.\}
+-..
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.\" BM/EM - put colored marker in margin next to block of text
+-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-.de BM
+-.if t \{\
+-.br
+-.ll -2n
+-.gcolor red
+-.di BX
+-.\}
+-..
+-.de EM
+-.if t \{\
+-.br
+-.di
+-.ll
+-.gcolor
+-.nr BH \\n(dn
+-.ne \\n(BHu
+-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+-.in 0
+-.nf
+-.BX
+-.in
+-.fi
+-.\}
+-..
++.TH "PAM_WHEEL" "8" "08/24/2009" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * set default formatting
+ .\" -----------------------------------------------------------------
+@@ -166,13 +18,11 @@
+ .\" -----------------------------------------------------------------
+ .\" * MAIN CONTENT STARTS HERE *
+ .\" -----------------------------------------------------------------
+-.SH "Name"
++.SH "NAME"
+ pam_wheel \- Only permit root access to members of group wheel
+-.SH "Synopsis"
+-.fam C
++.SH "SYNOPSIS"
+ .HP \w'\fBpam_wheel\&.so\fR\ 'u
+-\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
+-.fam
+\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust]
.SH "DESCRIPTION"
.PP
The pam_wheel PAM module is used to enforce the so\-called
- \fIwheel\fR
--group\. By default it permits root access to the system if the applicant user is a member of the
-+group\&. By default it permits root access to the system if the applicant user is a member of the
- \fIwheel\fR
--group\. If no group with this name exist, the module is using the group with the group\-ID
--\fB0\fR\.
-+group\&. If no group with this name exist, the module is using the group with the group\-ID
-+\fB0\fR\&.
- .SH "OPTIONS"
- .PP
- \fBdebug\fR
- .RS 4
--Print debug information\.
-+Print debug information\&.
- .RE
- .PP
- \fBdeny\fR
- .RS 4
- Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the
- \fBgroup\fR
--option), deny access\. Conversely, if the user is not in the group, return PAM_IGNORE (unless
-+option), deny access\&. Conversely, if the user is not in the group, return PAM_IGNORE (unless
- \fBtrust\fR
--was also specified, in which case we return PAM_SUCCESS)\.
-+was also specified, in which case we return PAM_SUCCESS)\&.
- .RE
- .PP
- \fBgroup=\fR\fB\fIname\fR\fR
- .RS 4
- Instead of checking the wheel or GID 0 groups, use the
- \fB\fIname\fR\fR
--group to perform the authentication\.
-+group to perform the authentication\&.
- .RE
- .PP
- \fBroot_only\fR
+@@ -213,11 +63,6 @@
.RS 4
--The check for wheel membership is done only\.
-+The check for wheel membership is done only\&.
+ The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&.
.RE
- .PP
- \fBtrust\fR
- .RS 4
--The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\.
--.RE
-.PP
-\fBuse_uid\fR
-.RS 4
--The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\.
-+The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&.
- .RE
- .SH "MODULE SERVICES PROVIDED"
- .PP
-@@ -66,52 +61,52 @@
- \fBauth\fR
- and
- \fBaccount\fR
--services are supported\.
-+services are supported\&.
- .SH "RETURN VALUES"
- .PP
- PAM_AUTH_ERR
- .RS 4
--Authentication failure\.
-+Authentication failure\&.
- .RE
- .PP
- PAM_BUF_ERR
- .RS 4
--Memory buffer error\.
-+Memory buffer error\&.
- .RE
- .PP
- PAM_IGNORE
- .RS 4
--The return value should be ignored by PAM dispatch\.
-+The return value should be ignored by PAM dispatch\&.
- .RE
- .PP
- PAM_PERM_DENY
- .RS 4
--Permission denied\.
-+Permission denied\&.
- .RE
- .PP
- PAM_SERVICE_ERR
- .RS 4
--Cannot determine the user name\.
-+Cannot determine the user name\&.
- .RE
- .PP
- PAM_SUCCESS
- .RS 4
--Success\.
-+Success\&.
- .RE
- .PP
- PAM_USER_UNKNOWN
- .RS 4
--User not known\.
-+User not known\&.
- .RE
- .SH "EXAMPLES"
+-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&.
+-.RE
+ .SH "MODULE TYPES PROVIDED"
.PP
--The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\.
-+The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\&.
- .sp
+ The
+@@ -268,26 +113,12 @@
+ .if n \{\
.RS 4
+ .\}
+-.fam C
+-.ps -1
.nf
--su auth sufficient pam_rootok\.so
--su auth required pam_wheel\.so
--su auth required pam_unix\.so
-+su auth sufficient pam_rootok\&.so
-+su auth required pam_wheel\&.so
-+su auth required pam_unix\&.so
+-.if t \{\
+-.sp -1
+-.\}
+-.BB lightgray adjust-for-leading-newline
+-.sp -1
+-
+ su auth sufficient pam_rootok\&.so
+ su auth required pam_wheel\&.so
+ su auth required pam_unix\&.so
+-.EB lightgray adjust-for-leading-newline
+-.if t \{\
+-.sp 1
+-.\}
.fi
+-.fam
+-.ps +1
+ .if n \{\
.RE
-@@ -124,4 +119,4 @@
- \fBpam\fR(8)
- .SH "AUTHOR"
- .PP
--pam_wheel was written by Cristian Gafton <gafton@redhat\.com>\.
-+pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&.
+ .\}
Index: pam.deb/modules/pam_wheel/README
===================================================================
--- pam.deb.orig/modules/pam_wheel/README