granicus.if.org Git - shadow/log
Josh Soref [Sun, 22 Oct 2017 20:58:52 +0000 (20:58 +0000)]
spelling: originally
Josh Soref [Sun, 22 Oct 2017 20:58:25 +0000 (20:58 +0000)]
spelling: options
Josh Soref [Sun, 22 Oct 2017 20:54:42 +0000 (20:54 +0000)]
spelling: nonexistent
Josh Soref [Sun, 22 Oct 2017 20:48:57 +0000 (20:48 +0000)]
spelling: negative
Josh Soref [Sun, 22 Oct 2017 20:45:06 +0000 (20:45 +0000)]
spelling: necessary
Josh Soref [Sun, 22 Oct 2017 20:41:18 +0000 (20:41 +0000)]
spelling: multiple
Josh Soref [Sun, 22 Oct 2017 20:39:14 +0000 (20:39 +0000)]
spelling: moment
Josh Soref [Sun, 22 Oct 2017 20:38:52 +0000 (20:38 +0000)]
spelling: modification
Josh Soref [Sun, 22 Oct 2017 20:37:31 +0000 (20:37 +0000)]
spelling: missing
Josh Soref [Sun, 22 Oct 2017 20:34:22 +0000 (20:34 +0000)]
spelling: message
Josh Soref [Sun, 22 Oct 2017 20:33:55 +0000 (20:33 +0000)]
spelling: maximum
Josh Soref [Sun, 22 Oct 2017 20:33:00 +0000 (20:33 +0000)]
spelling: match
Josh Soref [Sun, 22 Oct 2017 20:32:45 +0000 (20:32 +0000)]
spelling: mapping
Josh Soref [Sun, 22 Oct 2017 20:30:00 +0000 (20:30 +0000)]
spelling: many
Josh Soref [Sun, 22 Oct 2017 20:28:57 +0000 (20:28 +0000)]
spelling: logout
Josh Soref [Sun, 22 Oct 2017 20:28:46 +0000 (20:28 +0000)]
spelling: locally
Josh Soref [Sun, 22 Oct 2017 20:24:32 +0000 (20:24 +0000)]
spelling: interactive
Josh Soref [Sun, 22 Oct 2017 20:22:44 +0000 (20:22 +0000)]
spelling: inserted
Josh Soref [Sun, 22 Oct 2017 20:11:27 +0000 (20:11 +0000)]
spelling: improvements
Josh Soref [Sun, 22 Oct 2017 19:47:52 +0000 (19:47 +0000)]
spelling: if the
Josh Soref [Sun, 22 Oct 2017 20:52:44 +0000 (20:52 +0000)]
spelling: if
Josh Soref [Sun, 22 Oct 2017 19:47:08 +0000 (19:47 +0000)]
spelling: gshadow
Josh Soref [Sun, 22 Oct 2017 19:33:50 +0000 (19:33 +0000)]
spelling: groupmod
Josh Soref [Sun, 22 Oct 2017 19:17:02 +0000 (19:17 +0000)]
spelling: gratuitously
Josh Soref [Sun, 22 Oct 2017 19:16:30 +0000 (19:16 +0000)]
spelling: getxxyyy
Josh Soref [Sun, 22 Oct 2017 19:13:08 +0000 (19:13 +0000)]
spelling: forgotten
Josh Soref [Sun, 22 Oct 2017 19:11:52 +0000 (19:11 +0000)]
spelling: faillog
Josh Soref [Sun, 22 Oct 2017 19:11:20 +0000 (19:11 +0000)]
spelling: equivalent
Josh Soref [Sun, 22 Oct 2017 19:10:52 +0000 (19:10 +0000)]
spelling: enviroment
Josh Soref [Sun, 22 Oct 2017 19:10:41 +0000 (19:10 +0000)]
spelling: entered
Josh Soref [Sun, 22 Oct 2017 19:08:39 +0000 (19:08 +0000)]
spelling: else
Josh Soref [Sun, 22 Oct 2017 18:44:58 +0000 (18:44 +0000)]
spelling: display its
Josh Soref [Sun, 22 Oct 2017 18:43:40 +0000 (18:43 +0000)]
spelling: displaying
Josh Soref [Sun, 22 Oct 2017 18:43:48 +0000 (18:43 +0000)]
spelling: displayed
Josh Soref [Sun, 22 Oct 2017 18:40:47 +0000 (18:40 +0000)]
spelling: devices
Josh Soref [Sun, 22 Oct 2017 18:34:35 +0000 (18:34 +0000)]
spelling: default
Josh Soref [Sun, 22 Oct 2017 18:33:13 +0000 (18:33 +0000)]
spelling: cumulative
Josh Soref [Sun, 22 Oct 2017 08:23:57 +0000 (08:23 +0000)]
spelling: created
Josh Soref [Sun, 22 Oct 2017 18:32:19 +0000 (18:32 +0000)]
spelling: conversation
Josh Soref [Sun, 22 Oct 2017 21:07:23 +0000 (21:07 +0000)]
spelling: constraints
Josh Soref [Sun, 22 Oct 2017 18:31:51 +0000 (18:31 +0000)]
spelling: configuration
Josh Soref [Sun, 22 Oct 2017 18:31:24 +0000 (18:31 +0000)]
spelling: conditionally
Josh Soref [Sun, 22 Oct 2017 18:25:35 +0000 (18:25 +0000)]
spelling: comment
Josh Soref [Sun, 22 Oct 2017 18:25:46 +0000 (18:25 +0000)]
spelling: command
Josh Soref [Sun, 22 Oct 2017 18:25:14 +0000 (18:25 +0000)]
spelling: close
Josh Soref [Sun, 22 Oct 2017 18:23:41 +0000 (18:23 +0000)]
spelling: chpasswd
Josh Soref [Sun, 22 Oct 2017 18:22:12 +0000 (18:22 +0000)]
spelling: checking
Josh Soref [Sun, 22 Oct 2017 08:24:23 +0000 (08:24 +0000)]
spelling: changed
Josh Soref [Sun, 22 Oct 2017 08:24:59 +0000 (08:24 +0000)]
spelling: change
Josh Soref [Sun, 22 Oct 2017 08:08:07 +0000 (08:08 +0000)]
spelling: categories
Josh Soref [Sun, 22 Oct 2017 08:05:45 +0000 (08:05 +0000)]
spelling: cannot
Josh Soref [Sun, 22 Oct 2017 18:41:48 +0000 (18:41 +0000)]
spelling: built
Josh Soref [Sun, 22 Oct 2017 08:05:08 +0000 (08:05 +0000)]
spelling: better
Josh Soref [Sun, 22 Oct 2017 08:04:51 +0000 (08:04 +0000)]
spelling: beginning
Josh Soref [Sun, 22 Oct 2017 08:02:00 +0000 (08:02 +0000)]
spelling: available
Josh Soref [Sun, 22 Oct 2017 07:59:41 +0000 (07:59 +0000)]
spelling: attributes
Josh Soref [Sun, 22 Oct 2017 08:00:59 +0000 (08:00 +0000)]
spelling: at the
Josh Soref [Sun, 22 Oct 2017 07:57:56 +0000 (07:57 +0000)]
spelling: applied
Josh Soref [Sun, 22 Oct 2017 07:56:49 +0000 (07:56 +0000)]
spelling: anonymous
Josh Soref [Sun, 22 Oct 2017 07:56:16 +0000 (07:56 +0000)]
spelling: always
Josh Soref [Sun, 22 Oct 2017 07:56:05 +0000 (07:56 +0000)]
spelling: allowed
Josh Soref [Sun, 22 Oct 2017 07:55:43 +0000 (07:55 +0000)]
spelling: address
Josh Soref [Sun, 22 Oct 2017 07:52:04 +0000 (07:52 +0000)]
spelling: account
Serge Hallyn [Fri, 16 Feb 2018 14:40:39 +0000 (08:40 -0600)]
Merge pull request #97 from cyphar/newgidmap-secure-setgroups
newgidmap: enforce setgroups=deny if self-mapping a group
Aleksa Sarai [Thu, 15 Feb 2018 14:37:42 +0000 (01:37 +1100)]
README: add Aleksa Sarai to author list
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Aleksa Sarai [Thu, 15 Feb 2018 12:49:40 +0000 (23:49 +1100)]
newgidmap: enforce setgroups=deny if self-mapping a group
This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by dropping supplementary groups that were "blacklisted" from
certain paths.
This is the simplest fix for the underlying issue, and effectively makes
it so that unless a user has a valid mapping set in /etc/subgid (which
only administrators can modify) -- and they are currently trying to use
that mapping -- then /proc/$pid/setgroups will be set to deny. This
workaround is only partial, because ideally it should be possible to set
an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
administrators to further restrict newgidmap(1).
We also don't write anything in the "allow" case because "allow" is the
default, and users may have already written "deny" even if they
technically are allowed to use setgroups. And we don't write anything if
the setgroups policy is already "deny".
Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
Fixes: CVE-2018-7169
Reported-by: Craig Furman <craig.furman89@gmail.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Serge Hallyn [Fri, 19 Jan 2018 04:42:12 +0000 (22:42 -0600)]
Merge pull request #92 from IronicBadger/master
Fixes misspelling of MAX_DAYS help text
Alex Kretzschmar [Wed, 17 Jan 2018 12:21:48 +0000 (12:21 +0000)]
Fixes misspelling of MAX_DAYS help text
Serge Hallyn [Tue, 9 Jan 2018 04:57:43 +0000 (22:57 -0600)]
Merge pull request #90 from t8m/userdel-chroot
Make userdel work with -R.
Serge Hallyn [Tue, 9 Jan 2018 04:56:23 +0000 (22:56 -0600)]
Merge pull request #91 from kloeri/master
Add note to passwd(1) that --maxdays -1 disables the setting.
Bryan Østergaard [Wed, 3 Jan 2018 17:32:44 +0000 (18:32 +0100)]
Add note to passwd(1) that --maxdays -1 disables the setting.
This note already exists in chage(1).
Tomas Mraz [Thu, 21 Dec 2017 08:12:58 +0000 (09:12 +0100)]
Make userdel work with -R.
The userdel checks for users with getpwnam() which might not work
properly in chroot. Check for the user's presence in local files only.
Serge Hallyn [Fri, 6 Oct 2017 22:47:31 +0000 (17:47 -0500)]
Merge pull request #86 from WheresAlice/master
Make language more inclusive
Serge Hallyn [Fri, 6 Oct 2017 22:45:31 +0000 (17:45 -0500)]
Merge pull request #82 from t8m/ingroup
newgrp: avoid unnecessary group lookups
Serge Hallyn [Fri, 6 Oct 2017 22:43:47 +0000 (17:43 -0500)]
Merge pull request #84 from jubalh/mentionman
Add note about conditional man pages
Serge Hallyn [Fri, 29 Sep 2017 15:08:47 +0000 (10:08 -0500)]
Merge pull request #85 from jubalh/nosilent
Add warning when turning off man switch
Michael Vetter [Fri, 8 Sep 2017 14:25:29 +0000 (16:25 +0200)]
Add error when turning off man switch
Print a warning and abort in case xsltproc is missing.
WheresAlice [Tue, 19 Sep 2017 18:12:42 +0000 (18:12 +0000)]
Make language less binary
Michael Vetter [Fri, 8 Sep 2017 14:20:18 +0000 (16:20 +0200)]
Add note about conditional man pages
Closes https://github.com/shadow-maint/shadow/issues/83
Tomas Mraz [Mon, 14 Aug 2017 09:38:46 +0000 (11:38 +0200)]
newgrp: avoid unnecessary group lookups
In case a system uses a remote identity server (LDAP) the group lookup
can be very slow. We avoid it when we already know the user has the
group membership.
Serge Hallyn [Sun, 16 Jul 2017 22:09:00 +0000 (17:09 -0500)]
nl.po: fix some missing newlines
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Sun, 16 Jul 2017 21:46:21 +0000 (16:46 -0500)]
Import new Dutch translations.
Thanks to Frans Spiesschaert.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Serge Hallyn [Tue, 11 Jul 2017 02:52:02 +0000 (21:52 -0500)]
update changelog for last commit
sbts [Sun, 18 Jun 2017 14:23:01 +0000 (22:23 +0800)]
add error constant names to groupmod.8.xml
This assists someone wanting to work out what may have caused the error
sbts [Sun, 18 Jun 2017 14:17:01 +0000 (22:17 +0800)]
implement and document additional error codes for groupmod
add E_CLEANUP_SERVICE, E_PAM_USERNAME, E_PAM_ERROR to groupmod.c and groupmod.8.xml
Serge Hallyn [Fri, 16 Jun 2017 03:41:25 +0000 (22:41 -0500)]
Merge pull request #74 from AdamMajer/upstream
support dynamically added users via pam_group
Serge Hallyn [Fri, 16 Jun 2017 03:38:01 +0000 (22:38 -0500)]
Merge pull request #76 from edmorley/fix-changelog-dates
Correct wrong year in ChangeLog dates
Ed Morley [Thu, 15 Jun 2017 13:34:46 +0000 (14:34 +0100)]
Correct wrong year in ChangeLog dates
The recently added entries were actually for 2017.
Adam Majer [Mon, 22 May 2017 11:42:35 +0000 (13:42 +0200)]
support dynamically added users via pam_group
Dynamically added users via pam_group are not listed in groups
databases but are still valid.
Serge Hallyn [Wed, 17 May 2017 19:33:02 +0000 (14:33 -0500)]
release 4.5
Serge Hallyn [Wed, 17 May 2017 19:27:48 +0000 (14:27 -0500)]
update Changelog
Serge Hallyn [Sun, 14 May 2017 16:41:40 +0000 (11:41 -0500)]
Merge pull request #72 from stoeckmann/su-regression
Reset pid_child only if waitpid was successful.
Tobias Stoeckmann [Sun, 14 May 2017 15:58:10 +0000 (17:58 +0200)]
Reset pid_child only if waitpid was successful.
Do not reset the pid_child to 0 if the child process is still
running. This else-condition can be reached with pid being -1,
therefore explicitly test this condition.
This is a regression fix for CVE-2017-2616. If su receives a
signal like SIGTERM, it is not propagated to the child.
Reported-by: Radu Duta <raduduta@gmail.com>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Serge Hallyn [Wed, 19 Apr 2017 22:11:32 +0000 (17:11 -0500)]
Merge pull request #71 from lamby/sp_lstchg-reproducible-857803
Make the sp_lstchg shadow field reproducible.
Chris Lamb [Wed, 15 Mar 2017 10:36:21 +0000 (10:36 +0000)]
Make the sp_lstchg shadow field reproducible.
The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:
username:17238:0:99999:7:::
whilst creating the same user tomorrow will result in:
username:17239:0:99999:7:::
This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements of the build environment as possible,
including the current date.
This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.
[0] https://reproducible-builds.org/
[1] https://reproducible-builds.org/specs/source-date-epoch/
Signed-off-by: Chris Lamb <lamby@debian.org>
Serge Hallyn [Sat, 1 Apr 2017 20:46:05 +0000 (15:46 -0500)]
Merge pull request #70 from t8m/master
Fix buffer overflow if NULL line is present in db.
Tomas Mraz [Fri, 31 Mar 2017 14:25:06 +0000 (16:25 +0200)]
Fix buffer overflow if NULL line is present in db.
If ptr->line == NULL for an entry, the first cycle will exit,
but the second one will happily write past entries buffer.
We actually do not want to exit the first cycle prematurely
on ptr->line == NULL.
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
Serge Hallyn [Mon, 27 Mar 2017 13:24:40 +0000 (08:24 -0500)]
Merge pull request #68 from yurayko/master
updated Russian translation
Serge Hallyn [Thu, 23 Mar 2017 22:07:46 +0000 (17:07 -0500)]
user_busy: fix missing close of subuid file on error
Closes #69
Reported-by: plenkow
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Yuri Kozlov [Sat, 18 Mar 2017 07:42:12 +0000 (10:42 +0300)]
Merge branch 'master' of https://github.com/yurayko/shadow