[rsh] rshd: close pam session correctly
Michal Sekletar
msekleta at fedoraproject.org
Mon Apr 15 13:19:08 UTC 2013
commit c1be0dc4110aff85293db4b45fda8b92ee13840c
Author: Michal Sekletar <msekleta at redhat.com>
Date: Thu Apr 11 13:29:07 2013 +0200
rshd: close pam session correctly
When client does not ask for separate error channel rshd will execute
the requested command on top of itself, thus is never able to close
opened pam session. In addition it then closes all file descriptors
except stdin, stdout and stderr. This closing of descriptors will
close descriptor used by pam_systemd module and triggers logind to
kill the process.
Patch contributed by Tom Hughes, <tom at compton.nu>
Resolves RHBZ #896583.
Signed-off-by: Michal Sekletar <msekleta at redhat.com>
netkit-rsh-0.17-rh896583.patch | 22 ++++++++++++++++++++++
rsh.spec | 2 ++
2 files changed, 24 insertions(+), 0 deletions(-)
---
diff --git a/netkit-rsh-0.17-rh896583.patch b/netkit-rsh-0.17-rh896583.patch
new file mode 100644
index 0000000..447c79a
--- /dev/null
+++ b/netkit-rsh-0.17-rh896583.patch
@@ -0,0 +1,22 @@
+--- rshd/rshd.c.orig 2013-01-17 14:33:14.694727753 +0000
++++ rshd/rshd.c 2013-01-17 14:43:53.302906217 +0000
+@@ -531,6 +531,19 @@
+ close(pv[0]);
+ dup2(pv[1], 2);
+ close(pv[1]);
++ } else {
++ pid = fork();
++ if (pid == -1) {
++ error("Can't fork; try again.\n");
++ exit(1);
++ }
++ if (pid) {
++ waitpid(pid, NULL, 0);
++ pam_close_session(pamh, 0);
++ pam_end(pamh, PAM_SUCCESS);
++ exit(0);
++ }
++ setpgrp();
+ }
+ theshell = pwd->pw_shell;
+ if (!theshell || !*theshell) {
diff --git a/rsh.spec b/rsh.spec
index 86185c2..3e8f8ba 100644
--- a/rsh.spec
+++ b/rsh.spec
@@ -81,6 +81,7 @@ Patch40: netkit-rsh-0.17-rh473492.patch
Patch41: netkit-rsh-0.17-rh650119.patch
Patch42: netkit-rsh-0.17-rh710987.patch
Patch43: netkit-rsh-0.17-rh784467.patch
+Patch44: netkit-rsh-0.17-rh896583.patch
%description
The rsh package contains a set of programs which allow users to run
@@ -152,6 +153,7 @@ from other machines
%patch41 -p1 -b .rh650119
%patch42 -p1 -b .rh710987
%patch43 -p1 -b .rh784467
+%patch44 -b .rh896583
# No, I don't know what this is doing in the tarball.
rm -f rexec/rexec
More information about the scm-commits
mailing list