From 823d30ab735392f8da3b19513f1d550fadfa3ef8 Mon Sep 17 00:00:00 2001
From: Jan Rekorajski <baggins@sith.mimuw.edu.pl>
Date: Mon, 4 Dec 2000 18:31:56 +0000
Subject: Relevant BUGIDs: 124385

Purpose of commit: security

Commit summary:
---------------
* use O_NOFOLLOW if available when opening debug log
---
 libpam/include/security/_pam_macros.h | 49 +++++++++++++++++++++++++----------
 1 file changed, 35 insertions(+), 14 deletions(-)

(limited to 'libpam/include/security')

diff --git a/libpam/include/security/_pam_macros.h b/libpam/include/security/_pam_macros.h
index 7c3dde1d..2827fabf 100644
--- a/libpam/include/security/_pam_macros.h
+++ b/libpam/include/security/_pam_macros.h
@@ -64,6 +64,9 @@ do {                                              \
 #include <sys/types.h>
 #include <stdarg.h>
 #include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
 
 /*
  * This is for debugging purposes ONLY. DO NOT use on live systems !!!
@@ -81,37 +84,55 @@ static void _pam_output_debug_info(const char *file, const char *fn
 				   , const int line)
 {
     FILE *logfile;
-    int must_close = 1;
-    
-    if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
+    int must_close = 1, fd;
+   
+#ifdef O_NOFOLLOW
+    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+	if (!(logfile = fdopen(fd,"a"))) {
+	    logfile = stderr;
+	    must_close = 0;
+	    close(fd);
+	}
+    } else {
         logfile = stderr;
-        must_close = 0;
+	must_close = 0;
     }
     fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
-    if (must_close) {
-        fflush(logfile);
+    fflush(logfile);
+    if (must_close)
         fclose(logfile);
-    }
 }
 
 static void _pam_output_debug(const char *format, ...)
 {
     va_list args;
     FILE *logfile;
-    int must_close = 1;
+    int must_close = 1, fd;
     
     va_start(args, format);
 
-    if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
-        logfile = stderr;
-        must_close = 0;
+#ifdef O_NOFOLLOW
+    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+	if (!(logfile = fdopen(fd,"a"))) {
+	    logfile = stderr;
+	    must_close = 0;
+	    close(fd);
+	}
+    } else {
+	logfile = stderr;
+	must_close = 0;
     }
     vfprintf(logfile, format, args);
     fprintf(logfile, "\n");
-    if (must_close) {
-        fflush(logfile);
+    fflush(logfile);
+    if (must_close)
         fclose(logfile);
-    }
 
     va_end(args);
 }
-- 
cgit v1.2.3