[Pkg-shadow-commits] r870 - trunk/debian/patches
Nicolas FRANCOIS
nekral-guest at costa.debian.org
Tue Feb 21 22:51:44 UTC 2006
Author: nekral-guest
Date: 2006-02-21 22:51:39 +0000 (Tue, 21 Feb 2006)
New Revision: 870
Modified:
trunk/debian/patches/493_selinux_no_proc
Log:
Fix after Tomasz' review.
Modified: trunk/debian/patches/493_selinux_no_proc
===================================================================
--- trunk/debian/patches/493_selinux_no_proc 2006-02-21 22:07:21 UTC (rev 869)
+++ trunk/debian/patches/493_selinux_no_proc 2006-02-21 22:51:39 UTC (rev 870)
@@ -16,12 +16,15 @@
+ from an UID=0 account without SELinux permission
+ from an UID!=0 account with SELinux permission
+ from an UID=0 account with SELinux permission
+ + from an UID!=0 account with SELinux permission
- (only the later should be permitted)
+ (only the two laters should be permitted)
The "with SELinux permission" probably means passwd, chfn, chsh or rootok
in an SELinux policy.
+Status wrt to upstream: Will be in 4.0.15
+
Index: shadow-4.0.14/src/chage.c
===================================================================
--- shadow-4.0.14.orig/src/chage.c 2006-02-20 20:49:21.000000000 +0100
@@ -68,15 +71,15 @@
Index: shadow-4.0.14/src/passwd.c
===================================================================
--- shadow-4.0.14.orig/src/passwd.c 2006-02-20 20:49:21.000000000 +0100
-+++ shadow-4.0.14/src/passwd.c 2006-02-20 21:33:19.000000000 +0100
++++ shadow-4.0.14/src/passwd.c 2006-02-21 23:49:02.000000000 +0100
@@ -802,7 +802,9 @@
* check if the change is allowed by SELinux policy.
*/
if ((pw->pw_uid != getuid ())
- && (selinux_check_passwd_access (PASSWD__PASSWD) != 0)) {
-+ && ( !amroot
-+ || ( (is_selinux_enabled () > 0)
-+ && (selinux_check_passwd_access (PASSWD__PASSWD) != 0)))) {
++ && (is_selinux_enabled () > 0 ?
++ (selinux_check_passwd_access (PASSWD__PASSWD) != 0) :
++ !amroot)) {
#else
/*
* If the UID of the user does not match the current real UID,
More information about the Pkg-shadow-commits
mailing list