+2008-11-23 Nicolas François <nicolas.francois@centraliens.net>
+
+ * NEWS, libmisc/chowntty.c: Fix a race condition that could lead to
+ gaining ownership or changing mode of arbitrary files.
+
2008-10-11 Nicolas François <nicolas.francois@centraliens.net>
* man/gshadow.5.xml, man/shadow.5.xml, man/passwd.5.xml,
$Id$
-shadow-4.1.2.1 -> shadow-4.1.3 UNRELEASED
+shadow-4.1.2.2 -> shadow-4.1.3 UNRELEASED
*** general:
- packaging
* Allow adding LDAP users (or any user not present in the local passwd
file) to local groups
+shadow-4.1.2.1 -> shadow-4.1.2.2 23-11-2008
+
+*** security
+- Fix a race condition in login that could lead to gaining ownership or
+ changing mode of arbitrary files.
+
shadow-4.1.2 -> shadow-4.1.2.1 26-06-2008
*** security
exit (1);
}
- if ( (chown (tty, info->pw_uid, gid) != 0)
- || (chmod (tty, getdef_num ("TTYPERM", 0600)) != 0)) {
+ if ( (fchown (STDIN_FILENO, info->pw_uid, gid) != 0)
+ || (fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600)) != 0)) {
int err = errno;
- snprintf (buf, sizeof buf, _("Unable to change tty %s"), tty);
+ snprintf (buf, sizeof buf, _("Unable to change tty stdin"));
perror (buf);
SYSLOG ((LOG_WARN,
- "unable to change tty `%s' for user `%s'\n", tty,
+ "unable to change tty stdin for user `%s'\n",
info->pw_name));
closelog ();
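Review bot: The new fchown/fchmod calls act on STDIN_FILENO, but nothing in the hunk shows that descriptor 0 was confirmed to be the terminal being handed to the user; that check, if present, sits earlier in the function, which starts and ends outside this hunk. I would add a comment above the `if`, for example `/* Operate on the already-open descriptor, not the path: the path could be replaced between the tty check and the chown/chmod. */`, so a later edit does not reintroduce path-based calls. The warning and the syslog entry also lose the tty name, which weakens the audit trail; if `tty` is still in scope, it can stay in the message as information only. Separately, `perror (buf)` runs after `_()` and `snprintf`, either of which may change errno, so `errno = err;` just before it would keep the reported error accurate.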