From 0b1055f64657dc0bf175f75c23470b2be7630451 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 3 Oct 2010 21:00:53 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2010-10-04 Dmitry V. Levin * libpam/pam_modutil_priv.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (struct pam_modutil_privs, PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv, pam_modutil_regain_priv): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface. * modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise. (pam_sm_open_session): Remove redundant fchown call. Fixes CVE-2010-3430, CVE-2010-3431. --- libpam/include/security/pam_modutil.h | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'libpam/include') diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h index ffdf5ad0..317202de 100644 --- a/libpam/include/security/pam_modutil.h +++ b/libpam/include/security/pam_modutil.h @@ -100,6 +100,30 @@ pam_modutil_write(int fd, const char *buffer, int count); extern int PAM_NONNULL((1,3)) pam_modutil_audit_write(pam_handle_t *pamh, int type, const char *message, int retval); + +struct pam_modutil_privs { + gid_t *grplist; + int number_of_groups; + int allocated; + gid_t old_gid; + uid_t old_uid; + int is_dropped; +}; + +#define PAM_MODUTIL_NGROUPS 64 +#define PAM_MODUTIL_DEF_PRIVS(n) \ + gid_t n##_grplist[PAM_MODUTIL_NGROUPS]; \ + struct pam_modutil_privs n = { n##_grplist, PAM_MODUTIL_NGROUPS, 0, -1, -1, 0 } + +extern int PAM_NONNULL((1,2,3)) +pam_modutil_drop_priv(pam_handle_t *pamh, + struct pam_modutil_privs *p, + const struct passwd *pw); + +extern int PAM_NONNULL((1,2)) +pam_modutil_regain_priv(pam_handle_t *pamh, + struct pam_modutil_privs *p); + #ifdef __cplusplus } #endif -- cgit v1.2.3