PAM

~roguescholar/pam/+git/upstream:ldv/getline

  1. Git
  2. lp:~roguescholar/pam/+git/upstream
  3. ldv/getline
Last commit made on 2024-01-16
Get this branch:
git clone -b ldv/getline https://git.launchpad.net/~roguescholar/pam/+git/upstream

Branch merges

Branch information

Name:
ldv/getline
Repository:
lp:~roguescholar/pam/+git/upstream

Recent commits

7055a56... by "Dmitry V. Levin" <email address hidden>

modules: do not invoke getline(3) unnecessarily

Replace
  while (getline(...) != -1 && retval)
with
  while (retval && getline(...) != -1)

* modules/pam_listfile/pam_listfile.c (pam_listfile): Do not invoke
getline(3) when its result is going to be ignored.
* modules/pam_securetty/pam_securetty.c (securetty_perform_check):
Likewise.

bb9edf1... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

pam_unix: declare read-only data array const

97325c0... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

pam_unix: log about failure to execute unix_chkpwd(8)

d5c01cf... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

pam_unix: clean additional possible sensitive buffers

05d50c9... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

pam_unix: use more appropriate types

5b059b8... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

pam_unix: retain const qualifier

e6495e6... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

pam_unix: enclose macro arguments

9f19e7d... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

pam_unix: set close-on-exec

Since the module operates on sensitive files set the close-on-exec flag,
to avoid file descriptor leaks if there is ever any sibling thread.

The fopen(3) mode "e" is supported in glibc since version 2.7 (released
in 2007), and ignored prior, see:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=65d834b0add966dbbdb5ed1e916c60b2b2d87f10

8e577fb... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

pam_unix: support setgid version of unix_chkpwd(8)

In case unix_chkpwd(8) is not a setuid but a setgid binary, reset to the
real group as well.

Also check the privileges are permanently lost, see:
https://wiki.sei.cmu.edu/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful

See also the current Debian patch:
https://sources.debian.org/src/pam/1.5.2-9.1/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch/

b23d337... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

pam_unix: reject unix_update(8) running on different unprivileged user

In case unix_update(8) is installed as a setuid binary, which Fedora and
Debian does not do, prevent unprivileged users to probe (and eventually
change) passwords of other users (including root).