[Pkg-shadow-commits] r1979 - in upstream/trunk: . libmisc
nekral-guest at alioth.debian.org
Sun Apr 27 00:28:00 UTC 2008
Author: nekral-guest
Date: 2008-04-27 00:27:59 +0000 (Sun, 27 Apr 2008)
New Revision: 1979
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/libmisc/sulog.c
Log:
If the SULOG_FILE does not exist when an su session is logged, make sure
the file is created with group root, instead of using the group of the
caller.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2008-04-27 00:24:49 UTC (rev 1978)
+++ upstream/trunk/ChangeLog 2008-04-27 00:27:59 UTC (rev 1979)
@@ -1,5 +1,11 @@
2008-04-27 Nicolas François <nicolas.francois at centraliens.net>
+ * NEWS, libmisc/sulog.c: If the SULOG_FILE does not exist when an
+ su session is logged, make sure the file is created with group
+ root, instead of using the group of the caller.
+
+2008-04-27 Nicolas François <nicolas.francois at centraliens.net>
+
* NEWS, libmisc/fields.c, src/chfn.c, man/chfn.1.xml: Allow
non-US-ASCII characters in the GECOS fields ("name", "room
number", and "other info" fields).
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2008-04-27 00:24:49 UTC (rev 1978)
+++ upstream/trunk/NEWS 2008-04-27 00:27:59 UTC (rev 1979)
@@ -12,6 +12,10 @@
- chfn
* Allow non-US-ASCII characters in the GECOS fields ("name", "room
number", and "other info" fields).
+- su
+ * If the SULOG_FILE does not exist when an su session is logged, make
+ sure the file is created with group root, instead of using the group
+ of the caller.
shadow-4.1.0 -> shadow-4.1.1 02-04-2008
Modified: upstream/trunk/libmisc/sulog.c
===================================================================
--- upstream/trunk/libmisc/sulog.c 2008-04-27 00:24:49 UTC (rev 1978)
+++ upstream/trunk/libmisc/sulog.c 2008-04-27 00:27:59 UTC (rev 1979)
@@ -48,6 +48,7 @@
struct tm *tm;
FILE *fp;
mode_t oldmask;
+ gid_t oldgid = 0;
if (success) {
SYSLOG ((LOG_INFO,
@@ -60,9 +61,26 @@
if ((sulog_file = getdef_str ("SULOG_FILE")) == (char *) 0)
return;
+ oldgid = getgid ();
oldmask = umask (077);
+ /* Switch to group root to avoid creating the sulog file with
+ * the wrong group ownership. */
+ if ((oldgid != 0) && (setgid (0) != 0)) {
+ SYSLOG ((LOG_INFO,
+ "su session not logged to %s", sulog_file));
+ /* Continue, but do not switch back to oldgid later */
+ oldgid = 0;
+ }
fp = fopen (sulog_file, "a+");
umask (oldmask);
+ if ((oldgid != 0) && (setgid (oldgid) != 0)) {
+ perror ("setgid");
+ SYSLOG ((LOG_ERR,
+ "can't switch back to group `%d' in sulog",
+ oldgid));
+ /* Do not return if the group permission were raised. */
+ exit (1);
+ }
if (fp == (FILE *) 0)
return; /* can't open or create logfile */
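Review bot: In the `setgid (0)` failure branch, the message "su session not logged to %s" does not match the behaviour. The code goes on to `fopen (sulog_file, "a+")`, so the session can still be logged, and a missing file is then created with the caller's group, which is the case this change sets out to prevent. Either skip the `fopen` on that path (restoring the umask first) or reword the message to say that the file may be created with the wrong group, and consider LOG_ERR rather than LOG_INFO for it. Two smaller points in the same hunk: `oldgid` is a `gid_t` but is printed with `%d`, so cast it to match the format; and only the real GID from `getgid ()` is saved, so a distinct effective GID on entry would not be restored by `setgid (oldgid)`. Using 0 both as a group ID and as the "do not switch back" marker works here, but a separate flag would make the intent easier to read.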