|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT.
* libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT.
* modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT.
* modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT.
* modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT.
* modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR.
* modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT.
* modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT.
* modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged
with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors
with LOG_ERR.
* modules/pam_limits/pam_limits.c: User login limit messages are syslogged
with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with
LOG_ERR.
* modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged
with LOG_NOTICE.
* modules/pam_namespace/pam_namespace.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_nologin/pam_nologin.c: Make memory allocation failures
LOG_CRIT, other errors LOG_ERR.
* modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged
with LOG_NOTICE, non-memory errors with LOG_ERR.
* modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT.
* modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors
LOG_ERR.
* modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT.
* modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT,
other errors LOG_ERR.
* modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE.
* modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and
max retries ignorance by application likewise.
* modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR.
* modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged
with LOG_NOTICE.
* modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
|
|
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-04 Dmitry V. Levin <ldv@altlinux.org>
* libpam/pam_modutil_priv.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (struct pam_modutil_privs,
PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv,
pam_modutil_regain_priv): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface.
* modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.
(pam_sm_open_session): Remove redundant fchown call.
Fixes CVE-2010-3430, CVE-2010-3431.
|