[pam] clear supplementary groups in pam_console handler execution
Tomáš Mráz
tmraz at fedoraproject.org
Fri Jul 15 12:56:00 UTC 2011
commit 8de024523373ec779b87a37ce6a2b2fe7feb93bf
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Jul 15 14:55:38 2011 +0200
clear supplementary groups in pam_console handler execution
pam-1.1.0-console-fixes.patch | 3 ++-
pam.spec | 5 ++++-
2 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/pam-1.1.0-console-fixes.patch b/pam-1.1.0-console-fixes.patch
index 08cd4c6..fa5e79c 100644
--- a/pam-1.1.0-console-fixes.patch
+++ b/pam-1.1.0-console-fixes.patch
@@ -28,7 +28,7 @@ diff -up Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix Linux-PAM-1.1
child = fork();
switch (child) {
case -1:
-@@ -246,30 +246,31 @@ execute_handler(pam_handle_t *pamh, stru
+@@ -246,30 +246,32 @@ execute_handler(pam_handle_t *pamh, stru
if (!wait_exit) {
switch(fork()) {
case 0:
@@ -54,6 +54,7 @@ diff -up Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix Linux-PAM-1.1
- exit(255);
+ _exit(255);
if (setgid(pw->pw_gid) == -1 ||
++ setgroups(0, NULL) == -1 ||
setuid(pw->pw_uid) == -1)
- exit(255);
+ _exit(255);
diff --git a/pam.spec b/pam.spec
index 449809b..75b6f60 100644
--- a/pam.spec
+++ b/pam.spec
@@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.1.4
-Release: 1%{?dist}
+Release: 2%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
License: BSD and GPLv2+
@@ -359,6 +359,9 @@ fi
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Fri Jul 15 2011 Tomas Mraz <tmraz at redhat.com> 1.1.4-2
+- clear supplementary groups in pam_console handler execution
+
* Mon Jun 27 2011 Tomas Mraz <tmraz at redhat.com> 1.1.4-1
- upgrade to new upstream release
More information about the scm-commits
mailing list