From 8de024523373ec779b87a37ce6a2b2fe7feb93bf Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 15 Jul 2011 14:55:38 +0200 Subject: [PATCH] clear supplementary groups in pam_console handler execution --- pam-1.1.0-console-fixes.patch | 3 ++- pam.spec | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pam-1.1.0-console-fixes.patch b/pam-1.1.0-console-fixes.patch index 08cd4c6..fa5e79c 100644 --- a/pam-1.1.0-console-fixes.patch +++ b/pam-1.1.0-console-fixes.patch @@ -28,7 +28,7 @@ diff -up Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix Linux-PAM-1.1 child = fork(); switch (child) { case -1: -@@ -246,30 +246,31 @@ execute_handler(pam_handle_t *pamh, stru +@@ -246,30 +246,32 @@ execute_handler(pam_handle_t *pamh, stru if (!wait_exit) { switch(fork()) { case 0: @@ -54,6 +54,7 @@ diff -up Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix Linux-PAM-1.1 - exit(255); + _exit(255); if (setgid(pw->pw_gid) == -1 || ++ setgroups(0, NULL) == -1 || setuid(pw->pw_uid) == -1) - exit(255); + _exit(255); diff --git a/pam.spec b/pam.spec index 449809b..75b6f60 100644 --- a/pam.spec +++ b/pam.spec @@ -3,7 +3,7 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.1.4 -Release: 1%{?dist} +Release: 2%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, License: BSD and GPLv2+ @@ -359,6 +359,9 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Fri Jul 15 2011 Tomas Mraz 1.1.4-2 +- clear supplementary groups in pam_console handler execution + * Mon Jun 27 2011 Tomas Mraz 1.1.4-1 - upgrade to new upstream release