[Pkg-shadow-commits] r2448 - in upstream/branches/4.1.2.2: . libmisc

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Sat Nov 22 23:20:12 UTC 2008 

Author: nekral-guest
Date: 2008-11-22 23:20:11 +0000 (Sat, 22 Nov 2008)
New Revision: 2448

Modified:
   upstream/branches/4.1.2.2/ChangeLog
   upstream/branches/4.1.2.2/NEWS
   upstream/branches/4.1.2.2/libmisc/chowntty.c
Log:
	* NEWS, libmisc/chowntty.c: Fix a race condition that could lead
	to gaining ownership or changing mode of arbitrary files.


Modified: upstream/branches/4.1.2.2/ChangeLog
===================================================================
--- upstream/branches/4.1.2.2/ChangeLog	2008-11-22 23:11:01 UTC (rev 2447)
+++ upstream/branches/4.1.2.2/ChangeLog	2008-11-22 23:20:11 UTC (rev 2448)
@@ -1,3 +1,8 @@
+2008-11-23  Nicolas François  <nicolas.francois at centraliens.net>
+
+	* NEWS, libmisc/chowntty.c: Fix a race condition that could lead
+	to gaining ownership or changing mode of arbitrary files.
+
 2008-06-26  Nicolas François  <nicolas.francois at centraliens.net>
 
 	Prepare the 4.1.2.1 release

Modified: upstream/branches/4.1.2.2/NEWS
===================================================================
--- upstream/branches/4.1.2.2/NEWS	2008-11-22 23:11:01 UTC (rev 2447)
+++ upstream/branches/4.1.2.2/NEWS	2008-11-22 23:20:11 UTC (rev 2448)
@@ -1,5 +1,11 @@
 $Id$
 
+shadow-4.1.2.1 -> shadow-4.1.2.2					23-11-2008
+
+*** security
+- Fix a race condition in login that could lead to gaining ownership or
+  changing mode of arbitrary files.
+
 shadow-4.1.2 -> shadow-4.1.2.1						26-06-2008
 
 *** security

Modified: upstream/branches/4.1.2.2/libmisc/chowntty.c
===================================================================
--- upstream/branches/4.1.2.2/libmisc/chowntty.c	2008-11-22 23:11:01 UTC (rev 2447)
+++ upstream/branches/4.1.2.2/libmisc/chowntty.c	2008-11-22 23:20:11 UTC (rev 2448)
@@ -2,7 +2,7 @@
  * Copyright (c) 1989 - 1994, Julianne Frances Haugh
  * Copyright (c) 1996 - 2001, Marek Michałkiewicz
  * Copyright (c) 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007       , Nicolas François
+ * Copyright (c) 2007 - 2008, Nicolas François
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -102,14 +102,14 @@
 		exit (1);
 	}
 
-	if (chown (tty, info->pw_uid, gid) ||
-	    chmod (tty, getdef_num ("TTYPERM", 0600))) {
+	if (fchown (STDIN_FILENO, info->pw_uid, gid) ||
+	    fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600))) {
 		int err = errno;
 
-		snprintf (buf, sizeof buf, _("Unable to change tty %s"), tty);
+		snprintf (buf, sizeof buf, _("Unable to change tty stdin"));
 		perror (buf);
 		SYSLOG ((LOG_WARN,
-			 "unable to change tty `%s' for user `%s'\n", tty,
+			 "unable to change tty stdin for user `%s'\n",
 			 info->pw_name));
 		closelog ();

More information about the Pkg-shadow-commits mailing list