[pam] pam_unix: do not fail with bad ld.so.preload

Tomáš Mráz tmraz at fedoraproject.org
Tue Apr 23 15:19:36 UTC 2013


commit bc16a79c5700b65c3a11b5d9afcbccaae250317f
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Tue Apr 23 17:19:31 2013 +0200

    pam_unix: do not fail with bad ld.so.preload

 pam-1.1.6-std-noclose.patch |   78 ++++++++++++++++++++++++++++---------------
 pam.spec                    |    5 ++-
 2 files changed, 55 insertions(+), 28 deletions(-)
---
diff --git a/pam-1.1.6-std-noclose.patch b/pam-1.1.6-std-noclose.patch
index 5c8640f..d238709 100644
--- a/pam-1.1.6-std-noclose.patch
+++ b/pam-1.1.6-std-noclose.patch
@@ -1,6 +1,6 @@
 diff -up Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c
 --- Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose	2012-08-15 13:08:43.000000000 +0200
-+++ Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c	2012-08-17 13:25:20.684075361 +0200
++++ Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c	2013-04-23 17:07:46.565362820 +0200
 @@ -133,13 +133,21 @@ create_homedir (pam_handle_t *pamh, opti
     if (child == 0) {
          int i;
@@ -10,7 +10,7 @@ diff -up Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux
  	char *args[] = { NULL, NULL, NULL, NULL, NULL };
  
 +	/* replace std file descriptors with a dummy pipe */
-+	if (pipe(dummyfds) == 0) {
++	if (pipe2(dummyfds, O_NONBLOCK) == 0) {
 +		dup2(dummyfds[0], STDIN_FILENO);
 +		dup2(dummyfds[1], STDOUT_FILENO);
 +		dup2(dummyfds[1], STDERR_FILENO);
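Review bot: The comment above `pipe2(dummyfds, O_NONBLOCK)` still reads only `/* replace std file descriptors with a dummy pipe */` and does not say why the pipe is now non-blocking, which is the substance of this revision. Going by the commit title, the intent appears to be that unexpected output from the helper (for example loader warnings caused by a bad ld.so.preload) fails with EAGAIN once the pipe fills instead of blocking; I would record that, e.g. `/* dummy pipe is O_NONBLOCK: it is presumably never drained, so stray output must fail with EAGAIN rather than block the helper */`. The same bare comment is repeated in the pam_unix_acct.c, pam_unix_passwd.c and support.c sections further down. No include change is visible in any of these hunks, so confirm that each file already gets `<fcntl.h>` and `_GNU_SOURCE` for `pipe2`/`O_NONBLOCK`. The body of `create_homedir` starts before and continues past the lines shown.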
@@ -26,16 +26,24 @@ diff -up Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux
  	}
 diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c
 --- Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose	2012-08-15 13:08:43.000000000 +0200
-+++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c	2012-08-17 13:22:51.664560481 +0200
-@@ -105,16 +105,18 @@ int _unix_run_verify_binary(pam_handle_t
++++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c	2013-04-23 17:10:28.928870251 +0200
+@@ -100,21 +100,26 @@ int _unix_run_verify_binary(pam_handle_t
+   if (child == 0) {
+     int i=0;
+     struct rlimit rlim;
++    int dummyfds[2];
+     static char *envp[] = { NULL };
+     char *args[] = { NULL, NULL, NULL, NULL };
  
      /* reopen stdout as pipe */
      dup2(fds[1], STDOUT_FILENO);
-+    /* and replace also the stdin, stderr so we do not exec the helper with
-+       tty as stdin, it will not read anything from there anyway */
-+    dup2(fds[0], STDIN_FILENO);
-+    dup2(fds[1], STDERR_FILENO);
  
++    /* replace std file descriptors with a dummy pipe */
++    if (pipe2(dummyfds, O_NONBLOCK) == 0) {
++      dup2(dummyfds[0], STDIN_FILENO);
++      dup2(dummyfds[1], STDERR_FILENO);
++    }
++
      /* XXX - should really tidy up PAM here too */
  
      if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
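Review bot: When `pipe2()` fails in the child branch of `_unix_run_verify_binary`, the `if` body is skipped silently and the helper is exec'd with whatever stdin and stderr the calling application had. That is the situation the removed `dup2(fds[0], STDIN_FILENO)` / `dup2(fds[1], STDERR_FILENO)` lines were guarding against, since their comment mentions a tty as stdin. The `dup2()` results are not checked either. I would add an `else` branch that reports the failure and falls back to a fixed descriptor, or at minimum a comment such as `/* on failure the helper inherits the caller's stdin/stderr */` so the behaviour is a recorded decision. The function body starts before and continues past this hunk, so the descriptor-closing loop after `getrlimit()` is not visible here.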
@@ -52,47 +60,63 @@ diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-
  
 diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c
 --- Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c.std-noclose	2012-08-15 13:08:43.000000000 +0200
-+++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c	2012-08-17 14:10:38.917346789 +0200
-@@ -210,13 +210,16 @@ static int _unix_run_update_binary(pam_h
- 
++++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c	2013-04-23 17:13:49.047499806 +0200
+@@ -202,6 +202,7 @@ static int _unix_run_update_binary(pam_h
+     if (child == 0) {
+         int i=0;
+         struct rlimit rlim;
++	int dummyfds[2];
+ 	static char *envp[] = { NULL };
+ 	char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL };
+         char buffer[16];
+@@ -211,11 +212,17 @@ static int _unix_run_update_binary(pam_h
  	/* reopen stdin as pipe */
  	dup2(fds[0], STDIN_FILENO);
-+	/* and replace also the stdout/err as the helper will
-+           not write anything there */
-+	dup2(fds[1], STDOUT_FILENO);
-+	dup2(fds[1], STDERR_FILENO);
  
++	/* replace std file descriptors with a dummy pipe */
++	if (pipe2(dummyfds, O_NONBLOCK) == 0) {
++          dup2(dummyfds[1], STDOUT_FILENO);
++          dup2(dummyfds[1], STDERR_FILENO);
++	}
++
  	if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
  	  if (rlim.rlim_max >= MAX_FD_NO)
  	    rlim.rlim_max = MAX_FD_NO;
 -	  for (i=0; i < (int)rlim.rlim_max; i++) {
 -	    if (i != STDIN_FILENO)
--		close(i);
 +	  for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
-+	    close(i);
++	    if (i != dummyfds[0])
+ 		close(i);
  	  }
  	}
- 
 diff -up Linux-PAM-1.1.6/modules/pam_unix/support.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/support.c
 --- Linux-PAM-1.1.6/modules/pam_unix/support.c.std-noclose	2012-08-15 13:08:43.000000000 +0200
-+++ Linux-PAM-1.1.6/modules/pam_unix/support.c	2012-08-17 14:12:10.833511475 +0200
-@@ -469,13 +469,16 @@ static int _unix_run_helper_binary(pam_h
++++ Linux-PAM-1.1.6/modules/pam_unix/support.c	2013-04-23 17:16:47.505061373 +0200
+@@ -462,6 +462,7 @@ static int _unix_run_helper_binary(pam_h
+     if (child == 0) {
+         int i=0;
+         struct rlimit rlim;
++	int dummyfds[2];
+ 	static char *envp[] = { NULL };
+ 	char *args[] = { NULL, NULL, NULL, NULL };
  
+@@ -470,11 +471,17 @@ static int _unix_run_helper_binary(pam_h
  	/* reopen stdin as pipe */
  	dup2(fds[0], STDIN_FILENO);
-+	/* and replace also the stdout/err as the helper will
-+           not write anything there */
-+	dup2(fds[1], STDOUT_FILENO);
-+	dup2(fds[1], STDERR_FILENO);
  
++        /* replace std file descriptors with a dummy pipe */
++        if (pipe2(dummyfds, O_NONBLOCK) == 0) {
++          dup2(dummyfds[1], STDOUT_FILENO);
++          dup2(dummyfds[1], STDERR_FILENO);
++        }
++
  	if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
            if (rlim.rlim_max >= MAX_FD_NO)
                  rlim.rlim_max = MAX_FD_NO;
 -	  for (i=0; i < (int)rlim.rlim_max; i++) {
 -		if (i != STDIN_FILENO)
--		  close(i);
 +	  for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
-+		close(i);
++		if (i != dummyfds[0])
+ 		  close(i);
  	  }
  	}
- 
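Review bot: `int dummyfds[2];` is declared uninitialised in `_unix_run_update_binary` and `_unix_run_helper_binary`, yet the close loop tests `if (i != dummyfds[0])` even when `pipe2()` failed. The comparison then reads an indeterminate value and can leave one arbitrary inherited descriptor open across the exec of the helper. Initialising the array, `int dummyfds[2] = { -1, -1 };`, makes the failure path close every descriptor above stderr, as the previous revision of the patch did. Separately, if the caller entered with fd 1 or 2 already closed, `pipe2()` can return descriptors at or below `STDERR_FILENO` and the following `dup2()` calls would overwrite the read end, so a check that both ends are above `STDERR_FILENO` would be worth adding. Both function bodies extend beyond the lines shown.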
diff --git a/pam.spec b/pam.spec
index 15669de..8078d79 100644
--- a/pam.spec
+++ b/pam.spec
@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.1.6
-Release: 9%{?dist}
+Release: 10%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -389,6 +389,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Tue Apr 23 2013 Tomáš Mráz <tmraz at redhat.com> 1.1.6-10
+- pam_unix: do not fail with bad ld.so.preload
+
 * Fri Mar 22 2013 Tomáš Mráz <tmraz at redhat.com> 1.1.6-9
 - do not fail if btmp file is corrupted (#906852)
 - fix strict aliasing warnings in build

