[Pkg-shadow-commits] r2445 - in debian/branches/etch/debian: . patches
nekral-guest at alioth.debian.org
Sat Nov 22 18:04:29 UTC 2008
Author: nekral-guest
Date: 2008-11-22 18:04:28 +0000 (Sat, 22 Nov 2008)
New Revision: 2445
Added:
debian/branches/etch/debian/patches/303_login_symlink_attack
Modified:
debian/branches/etch/debian/changelog
debian/branches/etch/debian/patches/series
Log:
Prepare the 1:4.0.18.1-7etch1 release.
Modified: debian/branches/etch/debian/changelog
===================================================================
--- debian/branches/etch/debian/changelog 2008-11-22 18:03:10 UTC (rev 2444)
+++ debian/branches/etch/debian/changelog 2008-11-22 18:04:28 UTC (rev 2445)
@@ -1,8 +1,11 @@
-shadow (1:4.0.18.1-7etch1) UNRELEASED; urgency=low
+shadow (1:4.0.18.1-7etch1) stable-security; urgency=low
- *
+ * The "Curé nantais" release
+ * debian/patches/303_login_symlink_attack: Fix a race condition that could
+ lead to gaining ownership or changing mode of arbitrary files.
+ Closes: #505271
- -- Christian Perrier <bubulle at debian.org> Wed, 11 Apr 2007 10:04:04 +0200
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sat, 22 Nov 2008 16:04:04 +0000
shadow (1:4.0.18.1-7) unstable; urgency=low
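Review bot: `urgency=low` on the new header line sits oddly with a `stable-security` upload whose entry describes gaining ownership or changing the mode of arbitrary files; consider raising it to `urgency=high` so the fix is not treated as routine. The trailer timestamp (16:04:04 +0000) is also two hours earlier than the commit time shown in the diff header (18:04:28 UTC), so check that it reflects when the entry was finalized.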
Added: debian/branches/etch/debian/patches/303_login_symlink_attack
===================================================================
--- debian/branches/etch/debian/patches/303_login_symlink_attack (rev 0)
+++ debian/branches/etch/debian/patches/303_login_symlink_attack 2008-11-22 18:04:28 UTC (rev 2445)
@@ -0,0 +1,23 @@
+Goal: Fix a symlink attack
+
+Fixes: 505271
+
+Status wrt upstream: Fixed upstream
+
+--- a/libmisc/chowntty.c
++++ b/libmisc/chowntty.c
+@@ -119,8 +119,12 @@
+ exit (1);
+ }
+
+- if (chown (tty, info->pw_uid, gid) ||
+- chmod (tty, getdef_num ("TTYPERM", 0600))) {
++ /* is_my_tty above ensure that tty is the same device as stdin.
++ * there could be a race condition between the above check, and
++ * changing the ownership/mode.
++ */
++ if (fchown (STDIN_FILENO, info->pw_uid, gid) ||
++ fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600))) {
+ int err = errno;
+
+ snprintf (buf, sizeof buf, _("Unable to change tty %s"), tty);
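Review bot: The comment added above the fchown()/fchmod() calls names the race but never says why the descriptor-based calls close it. Suggest stating that operating on STDIN_FILENO changes the terminal that is already open, so the `tty` path is no longer re-resolved after the is_my_tty check and a path swapped for a symlink in between has no effect. Also "ensure" should read "ensures" and the second sentence should start with a capital. In the error path, `tty` is now used only for the "Unable to change tty %s" message, which is fine, but a short remark that the name is informational there would stop a later change from reintroducing a path-based call. The patch header would benefit from a one-line description of the impact, as the changelog entry has, in place of the bare "Fix a symlink attack".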
Modified: debian/branches/etch/debian/patches/series
===================================================================
--- debian/branches/etch/debian/patches/series 2008-11-22 18:03:10 UTC (rev 2444)
+++ debian/branches/etch/debian/patches/series 2008-11-22 18:04:28 UTC (rev 2445)
@@ -48,3 +48,4 @@
104_man-sv
405_su_no_pam_end_before_exec
200_regenerate_manpages
+303_login_symlink_attack
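Review bot: 303_login_symlink_attack is appended after 200_regenerate_manpages instead of alongside the other code patches. The patch only touches libmisc/chowntty.c, so the ordering is harmless for the regenerated manpages, but confirm it applies cleanly at the end of the series with the earlier patches in place.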