[Pkg-shadow-commits] r999 - in trunk/debian: . patches
Christian Perrier
bubulle at costa.debian.org
Sat May 20 07:14:28 UTC 2006
Author: bubulle
Date: 2006-05-20 07:14:27 +0000 (Sat, 20 May 2006)
New Revision: 999
Added:
trunk/debian/patches/393_useradd_CERT_312962
Modified:
trunk/debian/changelog
trunk/debian/patches/series
Log:
Fix for CERT VU#312962
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2006-05-20 06:22:31 UTC (rev 998)
+++ trunk/debian/changelog 2006-05-20 07:14:27 UTC (rev 999)
@@ -1,6 +1,11 @@
shadow (1:4.0.15-11) UNRELEASED; urgency=low
* The "Emmenthal" release
+ * Upstream bugs or fixes fixed in upstream releases or CVS:
+ - Fix for CERT VU#312962
+ + check the return value of fchown before fchmod when the mailbox is
+ created by useradd
+ + The patch also uses login.defs::MAIL_DIR instead of /var/mail.
* Reading /etc/default/locale is back in login PAM config file
after brainstorming with Steve. Closes: #368102
Added: trunk/debian/patches/393_useradd_CERT_312962
===================================================================
--- trunk/debian/patches/393_useradd_CERT_312962 2006-05-20 06:22:31 UTC (rev 998)
+++ trunk/debian/patches/393_useradd_CERT_312962 2006-05-20 07:14:27 UTC (rev 999)
@@ -0,0 +1,82 @@
+Goal:
+fixed useradd CERT VU#312962: fixed forgoten checking of the return
+value from fchown() before proceeding with the fchmod() (prepared
+based on OWL fix submited by Solar Designer <solar at openwall.com>),
+Use in userdel login.defs::MAIL_DIR instead hardcoded /var/mail on created
+mailbox path (based on OWL fixes submited by Solar Designer
+<solar at openwall.com>).
+
+Status wrt upstream: will be in 4.0.16
+
+Index: shadow-4.0.15/src/useradd.c
+===================================================================
+--- shadow-4.0.15.orig/src/useradd.c 2006-05-19 23:23:15.000000000 -0500
++++ shadow-4.0.15/src/useradd.c 2006-05-19 23:24:58.000000000 -0500
+@@ -1609,46 +1609,38 @@
+ */
+ static void create_mail (void)
+ {
+- char *ms;
++ char *spool, *file;
+ int fd;
+- struct group *mail;
+- gid_t mail_gid;
++ struct group *gr;
++ gid_t gid;
+ mode_t mode;
+
++ spool = getdef_str ("MAIL_DIR") ? : "/var/mail";
++ file = alloca (strlen (spool) + strlen (user_name) + 2);
++ sprintf (file, "%s/%s", spool, user_name);
++ fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
++ if (fd < 0) {
++ perror (_("Creating mailbox"));
++ return;
++ }
++
+ if (strcasecmp (create_mail_spool, "yes") == 0) {
+- mail = getgrnam ("mail");
+- if (mail == NULL) {
++ gr = getgrnam ("mail");
++ if (!gr) {
+ fprintf (stderr,
+ _
+- ("No group named \"mail\" exists, creating mail spool with mode 0600.\n"));
++ ("Group 'mail' not found. Creating the mailbox with 0600 mode.\n"));
++ gid = user_gid;
+ mode = 0600;
+- mail_gid = user_gid;
+ } else {
++ gid = gr->gr_gid;
+ mode = 0660;
+- mail_gid = mail->gr_gid;
+ }
+
+- ms = malloc (strlen (user_name) + 11);
+- if (ms != NULL) {
+- sprintf (ms, "/var/mail/%s", user_name);
+- if (access (ms, R_OK) != 0) {
+- fd = open (ms,
+- O_CREAT | O_EXCL |
+- O_WRONLY | O_TRUNC, 0);
+- if (fd != -1) {
+- fchown (fd, user_id, mail_gid);
+- fchmod (fd, mode);
+- close (fd);
+- }
+- } else {
+- fprintf (stderr,
+- _
+- ("Can't create mail spool for user %s.\n"),
+- user_name);
+- fail_exit (E_MAIL_SPOOL);
+- }
+- }
+- free (ms);
++ if (fchown (fd, user_id, gid) || fchmod (fd, mode))
++ perror (_("Setting mailbox permissions"));
++
++ close (fd);
+ }
+ }
+
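Review bot: In the new create_mail(), the `open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0)` call sits before the `strcasecmp (create_mail_spool, "yes")` test, while `close (fd)` is inside it. As the lines are ordered here, a run with mailbox creation disabled appears to still create a mode-0 file in the spool and leak the descriptor. A guard at the top of the function, `if (strcasecmp (create_mail_spool, "yes") != 0) return;`, would keep file creation tied to the setting. Separately, when `fchown` or `fchmod` fails the code only calls `perror`, so a mailbox with the wrong owner or mode 0 stays on disk; consider adding `unlink (file);` in that branch.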
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2006-05-20 06:22:31 UTC (rev 998)
+++ trunk/debian/patches/series 2006-05-20 07:14:27 UTC (rev 999)
@@ -44,3 +44,4 @@
353_hu-362749
402-clarify_usermod_usage
487_passwd_chauthtok_failed_message
+393_useradd_CERT_312962