57bfa4578c
and pam_mail - CVE-2010-3316 (#637898), CVE-2010-3435 (#641335) - fix insecure executing of scripts with user supplied environment variables in pam_namespace - CVE-2010-3853 (#643043)
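diff -up Linux-PAM-1.1.1/modules/pam_namespace/pam_namespace.c.execle Linux-PAM-1.1.1/modules/pam_namespace/pam_namespace.c
--- Linux-PAM-1.1.1/modules/pam_namespace/pam_namespace.c.execle 2009-04-09 10:07:19.000000000 +0200
+++ Linux-PAM-1.1.1/modules/pam_namespace/pam_namespace.c 2010-10-20 10:42:19.000000000 +0200
@@ -1181,14 +1181,15 @@ static int inst_init(const struct polydi
 } else {
 pid = fork();
 if (pid == 0) {
+ static char *envp[] = { NULL };
 #ifdef WITH_SELINUX
 if (idata->flags & PAMNS_SELINUX_ENABLED) {
 if (setexeccon(NULL) < 0)
 _exit(1);
 }
 #endif
- if (execl(init_script, init_script,
- polyptr->dir, ipath, newdir?"1":"0", idata->user, (char *)NULL) < 0)
+ if (execle(init_script, init_script,
+ polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0)
 _exit(1);
 } else if (pid > 0) {
 while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) &&
@@ -1608,13 +1609,14 @@ static int cleanup_tmpdirs(struct instan
 if (pptr->method == TMPDIR && access(pptr->instance_prefix, F_OK) == 0) {
 pid = fork();
 if (pid == 0) {
+ static char *envp[] = { NULL };
 #ifdef WITH_SELINUX
 if (idata->flags & PAMNS_SELINUX_ENABLED) {
 if (setexeccon(NULL) < 0)
 _exit(1);
 }
 #endif
- if (execl("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, (char *)NULL) < 0)
+ if (execle("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, NULL, envp) < 0)
 _exit(1);
 } else if (pid > 0) {
 while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) &&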
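Review bot: The argument-list terminator lost its cast in both new `execle` calls (in `inst_init` and in `cleanup_tmpdirs`): they end with a bare `NULL, envp`, where the removed `execl` lines had `(char *)NULL`. In a variadic call a bare `NULL` is not guaranteed to be passed as a pointer, so the terminator should stay `(char *)NULL, envp) < 0)`. The empty `envp` is what keeps caller-supplied variables away from the init script and `/bin/rm`, and a short comment above each `static char *envp[] = { NULL };`, such as `/* empty environment: the helper must not inherit variables set by the calling user */`, would stop a later cleanup from reverting to `execl`. It also means the init script starts with no `PATH`, so it presumably has to set its own or use absolute paths; that script is not visible here. Both functions start and end outside the hunks shown.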