to set PAM_TTY.
+2009-04-17 Paul Szabo <psz@maths.usyd.edu.au>
+
+ * NEWS, src/login.c: Do not trust the current utmp entry's ut_line
+ to set PAM_TTY.
+
2009-04-15 Nicolas François <nicolas.francois@centraliens.net>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
* configure.in: Updated version number.
-2009-04-15 Peter Vrabec <pvrabec@redhat.com>
+2009-04-15 Peter Vrabec <pvrabec@redhat.com>
* NEWS, src/userdel.c: Fixed SE Linux support. semanage should be
called at the end.
* src/useradd.c: Always call selinux_update_mapping() (i.e.
semanage), not only when -Z is used.
-2009-04-15 Peter Vrabec <pvrabec@redhat.com>
+2009-04-15 Peter Vrabec <pvrabec@redhat.com>
* NEWS, srclib/getlong.c: Fix parsing of octal numbers.
$Id$
+shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
+
+- login
+ * Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
+ lead to DOS attacks.
+
shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15
*** security:
*/
int main (int argc, char **argv)
{
+ const char *tmptty;
char tty[BUFSIZ];
#ifdef RLOGIN
* entry (will not overwrite remote hostname). --marekm
*/
checkutmp (!amroot);
- STRFCPY (tty, utent.ut_line);
+
+ tmptty = ttyname (0);
+ if (NULL == tmptty) {
+ tmptty = "UNKNOWN";
+ }
+ STRFCPY (tty, tmptty);
+
#ifndef USE_PAM
is_console = console (tty);
#endif
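Review bot: `ttyname (0)` returns the full device pathname (a constructed example: `/dev/pts/0`), while the `utent.ut_line` value it replaces conventionally holds the name without the `/dev/` prefix, so every later user of `tty` now receives a different form of the name. In this hunk that is `console (tty)` in the non-PAM build, and in the following hunk `dolastlog (&lastlog, &pwent, tty, hostname)`, which presumably copies the name into a fixed-size lastlog field; neither callee is visible here, so confirm that both match and store the path form correctly. If they expect the short name, keep the full path for PAM_TTY only and strip the prefix for the other consumers, e.g. `if (strncmp (tmptty, "/dev/", 5) == 0) { tmptty += 5; }` before the `STRFCPY`. A one-line comment above the `"UNKNOWN"` fallback should say why login continues when stdin has no terminal name, since any access check keyed on the tty name will then be evaluated against that literal string. main() starts and ends outside the hunk.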
#ifndef USE_PAM /* pam_lastlog handles this */
if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */
- dolastlog (&lastlog, &pwent, utent.ut_line, hostname);
+ dolastlog (&lastlog, &pwent, tty, hostname);
}
#endif
if (getppid() == 1) {
setsid();
if (ioctl(0, TIOCSCTTY, 1) != 0) {
- fprintf (stderr,_("TIOCSCTTY failed on %s"),tty);
+ fprintf (stderr, _("TIOCSCTTY failed on %s"), tty);
}
}