[Pkg-shadow-commits] r315 - trunk/debian/patches
Nicolas FRANCOIS
pkg-shadow-devel@lists.alioth.debian.org
Wed, 29 Jun 2005 19:18:06 +0000
Author: nekral-guest
Date: 2005-06-29 19:18:05 +0000 (Wed, 29 Jun 2005)
New Revision: 315
Added:
trunk/debian/patches/430_su_ignore_SIGINT
Removed:
trunk/debian/patches/008_su_ignore_SIGINT
Modified:
trunk/debian/patches/series
Log:
This patch should be kept. It is not of a great importance, but was requested
by our users.
Deleted: trunk/debian/patches/008_su_ignore_SIGINT
===================================================================
--- trunk/debian/patches/008_su_ignore_SIGINT 2005-06-29 00:33:59 UTC (rev 314)
+++ trunk/debian/patches/008_su_ignore_SIGINT 2005-06-29 19:18:05 UTC (rev 315)
@@ -1,33 +0,0 @@
-Goal: Ignore SIGINT while authenticating. A ^C could defeat the waiting
- period and permit brute-force attacks.
- Also ignore SIGQUIT.
-
-Fixes: #52372 (SIGINT), #288827 (SIGQUIT)
-
-Status wrt upstream: It should be forwarded to upstream.
-
-Note: Even with a waiting period, a brute-force attack can be performed
- by parralelizing attacks (or sending a KILL signal).
- The gain in security is minor.
-
-Index: shadow-4.0.3/src/su.c
-===================================================================
---- shadow-4.0.3.orig/src/su.c 2005-06-21 23:26:13.808723000 +0200
-+++ shadow-4.0.3/src/su.c 2005-06-21 23:27:58.518723000 +0200
-@@ -538,6 +538,8 @@
- if (shell == 0)
- shell = (char *) strdup (pwent.pw_shell);
-
-+ signal(SIGINT, SIG_IGN);
-+ signal(SIGQUIT, SIG_IGN);
- #ifdef USE_PAM
- ret = pam_authenticate (pamh, 0);
- if (ret != PAM_SUCCESS) {
-@@ -629,6 +631,7 @@
- #endif /* !USE_PAM */
-
- signal (SIGINT, SIG_DFL);
-+ signal (SIGQUIT, SIG_DFL);
- cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
- #if 0
- addenv (cp ? cp : "PATH=/bin:/usr/bin", NULL);
Copied: trunk/debian/patches/430_su_ignore_SIGINT (from rev 310, trunk/debian/patches/008_su_ignore_SIGINT)
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2005-06-29 00:33:59 UTC (rev 314)
+++ trunk/debian/patches/series 2005-06-29 19:18:05 UTC (rev 315)
@@ -24,7 +24,7 @@
008_su_addenv_HOME_and_SHELL
008_su_uid_0_not_root
008_su_add_GNU_options
-008_su_ignore_SIGINT
+430_su_ignore_SIGINT
008_su_check_user_earlier
008_su_no_sanitize_env
008_su_get_PAM_username