From: nekral-guest Date: Sat, 22 Nov 2008 23:20:11 +0000 (+0000) Subject: * NEWS, libmisc/chowntty.c: Fix a race condition that could lead X-Git-Tag: 4.1.2.2~4 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=02e7ca603c2908b5dd668d2e6bbf99c3f31d28cd;p=thirdparty%2Fshadow.git * NEWS, libmisc/chowntty.c: Fix a race condition that could lead to gaining ownership or changing mode of arbitrary files.
---
diff --git a/ChangeLog b/ChangeLog
index dca5b52e1..0c0d5d595 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-11-23 Nicolas François
+
+ * NEWS, libmisc/chowntty.c: Fix a race condition that could lead
+ to gaining ownership or changing mode of arbitrary files.
+
 2008-06-26 Nicolas François
 Prepare the 4.1.2.1 release
diff --git a/NEWS b/NEWS
index 4ab3ee776..8afcf03e6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,11 @@
 $Id$
+shadow-4.1.2.1 -> shadow-4.1.2.2 23-11-2008
+
+*** security
+- Fix a race condition in login that could lead to gaining ownership or
+ changing mode of arbitrary files.
+
 shadow-4.1.2 -> shadow-4.1.2.1 26-06-2008
 *** security
diff --git a/libmisc/chowntty.c b/libmisc/chowntty.c
index fcfad9178..745ee8a3d 100644
--- a/libmisc/chowntty.c
+++ b/libmisc/chowntty.c
@@ -2,7 +2,7 @@
 * Copyright (c) 1989 - 1994, Julianne Frances Haugh
 * Copyright (c) 1996 - 2001, Marek Michałkiewicz
 * Copyright (c) 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007 , Nicolas François
+ * Copyright (c) 2007 - 2008, Nicolas François
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -102,14 +102,14 @@ void chown_tty (const char *tty, const struct passwd *info)
 exit (1);
 }
- if (chown (tty, info->pw_uid, gid) ||
- chmod (tty, getdef_num ("TTYPERM", 0600))) {
+ if (fchown (STDIN_FILENO, info->pw_uid, gid) ||
+ fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600))) {
 int err = errno;
- snprintf (buf, sizeof buf, _("Unable to change tty %s"), tty);
+ snprintf (buf, sizeof buf, _("Unable to change tty stdin"));
 perror (buf);
 SYSLOG ((LOG_WARN,
- "unable to change tty `%s' for user `%s'\n", tty,
+ "unable to change tty stdin for user `%s'\n",
 info->pw_name));
 closelog ();
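Review bot: The new `fchown (STDIN_FILENO, ...)` and `fchmod (STDIN_FILENO, ...)` calls act on whatever object fd 0 refers to, and nothing visible in this hunk confirms that the descriptor is a terminal device. The guard that ends in `exit (1);` just above starts outside the hunk, so it may already cover this. If it only relates the `tty` path to stdin, an explicit `fstat (STDIN_FILENO, &st)` with a `S_ISCHR (st.st_mode)` test before the ownership change would make the precondition local, since fd 0 is inherited from the invoking process. The perror and SYSLOG texts also drop the terminal name; passing a name to a log call is not racy, so keeping `tty` as an argument there would preserve the audit detail. The body of chown_tty starts and ends outside the hunk.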