[Pkg-shadow-commits] r381 - trunk/debian/patches
Nicolas FRANCOIS
pkg-shadow-devel@lists.alioth.debian.org
Tue, 12 Jul 2005 15:17:06 +0000
Author: nekral-guest
Date: 2005-07-12 15:17:05 +0000 (Tue, 12 Jul 2005)
New Revision: 381
Added:
trunk/debian/patches/363_su_ignore_SIGINT
Removed:
trunk/debian/patches/430_su_ignore_SIGINT
Modified:
trunk/debian/patches/series
Log:
430_su_ignore_SIGINT will be applied in 4.0.11. Move it to 363.
Copied: trunk/debian/patches/363_su_ignore_SIGINT (from rev 380, trunk/debian/patches/430_su_ignore_SIGINT)
===================================================================
--- trunk/debian/patches/430_su_ignore_SIGINT 2005-07-12 12:26:17 UTC (rev 380)
+++ trunk/debian/patches/363_su_ignore_SIGINT 2005-07-12 15:17:05 UTC (rev 381)
@@ -0,0 +1,33 @@
+Goal: Ignore SIGINT while authenticating. A ^C could defeat the waiting
+ period and permit brute-force attacks.
+ Also ignore SIGQUIT.
+
+Fixes: #52372 (SIGINT), #288827 (SIGQUIT)
+
+Status wrt upstream: Applied upstream
+
+Note: Even with a waiting period, a brute-force attack can be performed
+ by parralelizing attacks (or sending a KILL signal).
+ The gain in security is minor.
+
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c 2005-06-21 23:26:13.808723000 +0200
++++ shadow-4.0.3/src/su.c 2005-06-21 23:27:58.518723000 +0200
+@@ -538,6 +538,8 @@
+ if (shell == 0)
+ shell = (char *) strdup (pwent.pw_shell);
+
++ signal(SIGINT, SIG_IGN);
++ signal(SIGQUIT, SIG_IGN);
+ #ifdef USE_PAM
+ ret = pam_authenticate (pamh, 0);
+ if (ret != PAM_SUCCESS) {
+@@ -629,6 +631,7 @@
+ #endif /* !USE_PAM */
+
+ signal (SIGINT, SIG_DFL);
++ signal (SIGQUIT, SIG_DFL);
+ cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
+ #if 0
+ addenv (cp ? cp : "PATH=/bin:/usr/bin", NULL);
Deleted: trunk/debian/patches/430_su_ignore_SIGINT
===================================================================
--- trunk/debian/patches/430_su_ignore_SIGINT 2005-07-12 12:26:17 UTC (rev 380)
+++ trunk/debian/patches/430_su_ignore_SIGINT 2005-07-12 15:17:05 UTC (rev 381)
@@ -1,33 +0,0 @@
-Goal: Ignore SIGINT while authenticating. A ^C could defeat the waiting
- period and permit brute-force attacks.
- Also ignore SIGQUIT.
-
-Fixes: #52372 (SIGINT), #288827 (SIGQUIT)
-
-Status wrt upstream: It should be forwarded to upstream.
-
-Note: Even with a waiting period, a brute-force attack can be performed
- by parralelizing attacks (or sending a KILL signal).
- The gain in security is minor.
-
-Index: shadow-4.0.3/src/su.c
-===================================================================
---- shadow-4.0.3.orig/src/su.c 2005-06-21 23:26:13.808723000 +0200
-+++ shadow-4.0.3/src/su.c 2005-06-21 23:27:58.518723000 +0200
-@@ -538,6 +538,8 @@
- if (shell == 0)
- shell = (char *) strdup (pwent.pw_shell);
-
-+ signal(SIGINT, SIG_IGN);
-+ signal(SIGQUIT, SIG_IGN);
- #ifdef USE_PAM
- ret = pam_authenticate (pamh, 0);
- if (ret != PAM_SUCCESS) {
-@@ -629,6 +631,7 @@
- #endif /* !USE_PAM */
-
- signal (SIGINT, SIG_DFL);
-+ signal (SIGQUIT, SIG_DFL);
- cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
- #if 0
- addenv (cp ? cp : "PATH=/bin:/usr/bin", NULL);
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2005-07-12 12:26:17 UTC (rev 380)
+++ trunk/debian/patches/series 2005-07-12 15:17:05 UTC (rev 381)
@@ -24,7 +24,7 @@
435_su_addenv_HOME_and_SHELL
431_su_uid_0_not_root
437_su_add_GNU_options
-430_su_ignore_SIGINT
+363_su_ignore_SIGINT
008_su_check_user_earlier
008_su_no_sanitize_env
008_su_get_PAM_username