From: nekral-guest Date: Fri, 17 Apr 2009 20:40:26 +0000 (+0000) Subject: * NEWS, src/login.c: Do not trust the current utmp entry's ut_line X-Git-Tag: 4.1.4~176 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5298ac3dd911e6d977a42a1b5906c42db30533f9;p=shadow * NEWS, src/login.c: Do not trust the current utmp entry's ut_line to set PAM_TTY. --- diff --git a/ChangeLog b/ChangeLog index 46f51fbc..9bd3f942 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,17 +1,22 @@ +2009-04-17 Paul Szabo + + * NEWS, src/login.c: Do not trust the current utmp entry's ut_line + to set PAM_TTY. + 2009-04-15 Nicolas François * po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated. * po/*.po, man/po/*.po: Updated PO files. * configure.in: Updated version number. -2009-04-15 Peter Vrabec +2009-04-15 Peter Vrabec * NEWS, src/userdel.c: Fixed SE Linux support. semanage should be called at the end. * src/useradd.c: Always call selinux_update_mapping() (i.e. semanage), not only when -Z is used. -2009-04-15 Peter Vrabec +2009-04-15 Peter Vrabec * NEWS, srclib/getlong.c: Fix parsing of octal numbers. diff --git a/NEWS b/NEWS index e200ca83..39aa7f0c 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,11 @@ $Id$ +shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED + +- login + * Do not trust the current utmp entry's ut_line to set PAM_TTY. This could + lead to DOS attacks. + shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15 *** security: diff --git a/src/login.c b/src/login.c index 2ba452aa..afa1876c 100644 --- a/src/login.c +++ b/src/login.c @@ -416,6 +416,7 @@ static RETSIGTYPE alarm_handler (unused int sig) */ int main (int argc, char **argv) { + const char *tmptty; char tty[BUFSIZ]; #ifdef RLOGIN @@ -479,7 +480,13 @@ int main (int argc, char **argv) * entry (will not overwrite remote hostname). --marekm */ checkutmp (!amroot); - STRFCPY (tty, utent.ut_line); + + tmptty = ttyname (0); + if (NULL == tmptty) { + tmptty = "UNKNOWN"; + } + STRFCPY (tty, tmptty); + #ifndef USE_PAM is_console = console (tty); #endif @@ -1093,7 +1100,7 @@ int main (int argc, char **argv) #ifndef USE_PAM /* pam_lastlog handles this */ if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */ - dolastlog (&lastlog, &pwent, utent.ut_line, hostname); + dolastlog (&lastlog, &pwent, tty, hostname); } #endif @@ -1147,7 +1154,7 @@ int main (int argc, char **argv) if (getppid() == 1) { setsid(); if (ioctl(0, TIOCSCTTY, 1) != 0) { - fprintf (stderr,_("TIOCSCTTY failed on %s"),tty); + fprintf (stderr, _("TIOCSCTTY failed on %s"), tty); } }