[Pkg-shadow-commits] r2445 - in debian/branches/etch/debian: . patches

nekral-guest at alioth.debian.org
Sat Nov 22 18:04:29 UTC 2008


Author: nekral-guest
Date: 2008-11-22 18:04:28 +0000 (Sat, 22 Nov 2008)
New Revision: 2445

Added:
   debian/branches/etch/debian/patches/303_login_symlink_attack
Modified:
   debian/branches/etch/debian/changelog
   debian/branches/etch/debian/patches/series
Log:
Prepare the 1:4.0.18.1-7etch1 release.


Modified: debian/branches/etch/debian/changelog
===================================================================
--- debian/branches/etch/debian/changelog	2008-11-22 18:03:10 UTC (rev 2444)
+++ debian/branches/etch/debian/changelog	2008-11-22 18:04:28 UTC (rev 2445)
@@ -1,8 +1,11 @@
-shadow (1:4.0.18.1-7etch1) UNRELEASED; urgency=low
+shadow (1:4.0.18.1-7etch1) stable-security; urgency=low
 
-  * 
+  * The "Curé nantais" release
+  * debian/patches/303_login_symlink_attack: Fix a race condition that could
+    lead to gaining ownership or changing mode of arbitrary files.
+    Closes: #505271
 
- -- Christian Perrier <bubulle at debian.org>  Wed, 11 Apr 2007 10:04:04 +0200
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Sat, 22 Nov 2008 16:04:04 +0000
 
 shadow (1:4.0.18.1-7) unstable; urgency=low
 
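Review bot: urgency=low on a stable-security upload that fixes a race condition leading to ownership or mode changes of arbitrary files is inconsistent with the severity of the issue; Debian security uploads conventionally carry urgency=high, so consider changing the line to `shadow (1:4.0.18.1-7etch1) stable-security; urgency=high`. The entry names the patch file but not the affected program; stating that `login` is the binary affected would help users reading the changelog decide whether they need the update.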

Added: debian/branches/etch/debian/patches/303_login_symlink_attack
===================================================================
--- debian/branches/etch/debian/patches/303_login_symlink_attack	                        (rev 0)
+++ debian/branches/etch/debian/patches/303_login_symlink_attack	2008-11-22 18:04:28 UTC (rev 2445)
@@ -0,0 +1,23 @@
+Goal: Fix a symlink attack
+
+Fixes: 505271
+
+Status wrt upstream: Fixed upstream
+
+--- a/libmisc/chowntty.c
++++ b/libmisc/chowntty.c
+@@ -119,8 +119,12 @@
+ 		exit (1);
+ 	}
+ 
+-	if (chown (tty, info->pw_uid, gid) ||
+-	    chmod (tty, getdef_num ("TTYPERM", 0600))) {
++	/* is_my_tty above ensure that tty is the same device as stdin.
++	 * there could be a race condition between the above check, and
++	 * changing the ownership/mode.
++	 */
++	if (fchown (STDIN_FILENO, info->pw_uid, gid) ||
++	    fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600))) {
+ 		int err = errno;
+ 
+ 		snprintf (buf, sizeof buf, _("Unable to change tty %s"), tty);
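Review bot: the fix is the right one for the TOCTOU here, since `fchown`/`fchmod` act on the descriptor that `is_my_tty` already validated instead of re-resolving the `tty` path, which an attacker could swap for a symlink between the check and the `chown`; the explanatory comment should say so more precisely and has a grammar slip ("is_my_tty above ensure" should read "ensures"), e.g. "is_my_tty above ensures stdin is the tty named by `tty`; operate on the descriptor so the path is not resolved again between the check and the ownership/mode change". The header's "Status wrt upstream: Fixed upstream" would be more useful with the upstream commit or release that contains the fix, so the patch can be dropped when that version is merged.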

Modified: debian/branches/etch/debian/patches/series
===================================================================
--- debian/branches/etch/debian/patches/series	2008-11-22 18:03:10 UTC (rev 2444)
+++ debian/branches/etch/debian/patches/series	2008-11-22 18:04:28 UTC (rev 2445)
@@ -48,3 +48,4 @@
 104_man-sv
 405_su_no_pam_end_before_exec
 200_regenerate_manpages
+303_login_symlink_attack
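Review bot: appending `303_login_symlink_attack` after `200_regenerate_manpages` is safe because the patch only touches `libmisc/chowntty.c` and no documentation, but the numeric prefixes in this section (104, 405, 200, 303) no longer reflect application order; a short comment in the series file, or renumbering on the next non-security upload, would keep the order intelligible.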
