diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2013-11-04 17:08:47 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 22:57:36 +0200 |
commit | 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (patch) | |
tree | 9b98e6e193c7870cb27ac861394c1c4592850922 /extra/source/pam/patches/pam-1.1.3-securetty-console.patch | |
parent | 9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff) | |
download | current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.gz current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.xz |
Slackware 14.1slackware-14.1
Mon Nov 4 17:08:47 UTC 2013
Slackware 14.1 x86_64 stable is released!
It's been another interesting release cycle here at Slackware bringing
new features like support for UEFI machines, updated compilers and
development tools, the switch from MySQL to MariaDB, and many more
improvements throughout the system. Thanks to the team, the upstream
developers, the dedicated Slackware community, and everyone else who
pitched in to help make this release a reality.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Have fun! :-)
Diffstat (limited to 'extra/source/pam/patches/pam-1.1.3-securetty-console.patch')
-rw-r--r-- | extra/source/pam/patches/pam-1.1.3-securetty-console.patch | 120 |
1 files changed, 0 insertions, 120 deletions
diff --git a/extra/source/pam/patches/pam-1.1.3-securetty-console.patch b/extra/source/pam/patches/pam-1.1.3-securetty-console.patch deleted file mode 100644 index 94fa6ecf0..000000000 --- a/extra/source/pam/patches/pam-1.1.3-securetty-console.patch +++ /dev/null @@ -1,120 +0,0 @@ -Index: modules/pam_securetty/pam_securetty.8.xml -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_securetty/pam_securetty.8.xml,v -retrieving revision 1.4 -retrieving revision 1.6 -diff -u -p -r1.4 -r1.6 ---- modules/pam_securetty/pam_securetty.8.xml 18 Aug 2008 13:29:25 -0000 1.4 -+++ modules/pam_securetty/pam_securetty.8.xml 25 Nov 2010 16:58:59 -0000 1.6 -@@ -33,7 +33,9 @@ - user is logging in on a "secure" tty, as defined by the listing - in <filename>/etc/securetty</filename>. pam_securetty also checks - to make sure that <filename>/etc/securetty</filename> is a plain -- file and not world writable. -+ file and not world writable. It will also allow root logins on -+ the tty specified with <option>console=</option> switch on the -+ kernel command line. - </para> - <para> - This module has no effect on non-root users and requires that the -@@ -61,6 +63,18 @@ - </para> - </listitem> - </varlistentry> -+ <varlistentry> -+ <term> -+ <option>noconsole</option> -+ </term> -+ <listitem> -+ <para> -+ Do not automatically allow root logins on the kernel console -+ device, as specified on the kernel command line, if it is -+ not also specified in the <filename>/etc/securetty</filename> file. -+ </para> -+ </listitem> -+ </varlistentry> - </variablelist> - </refsect1> - -Index: modules/pam_securetty/pam_securetty.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_securetty/pam_securetty.c,v -retrieving revision 1.14 -retrieving revision 1.15 -diff -u -p -r1.14 -r1.15 ---- modules/pam_securetty/pam_securetty.c 10 Sep 2009 10:19:58 -0000 1.14 -+++ modules/pam_securetty/pam_securetty.c 24 Nov 2010 12:28:01 -0000 1.15 -@@ -2,6 +2,7 @@ - - #define SECURETTY_FILE "/etc/securetty" - #define TTY_PREFIX "/dev/" -+#define CMDLINE_FILE "/proc/cmdline" - - /* - * by Elliot Lee <sopwith@redhat.com>, Red Hat Software. -@@ -22,6 +23,7 @@ - #include <pwd.h> - #include <string.h> - #include <ctype.h> -+#include <limits.h> - - /* - * here, we make a definition for the externally accessible function -@@ -38,6 +40,7 @@ - #include <security/pam_ext.h> - - #define PAM_DEBUG_ARG 0x0001 -+#define PAM_NOCONSOLE_ARG 0x0002 - - static int - _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) -@@ -51,6 +54,8 @@ _pam_parse (const pam_handle_t *pamh, in - - if (!strcmp(*argv,"debug")) - ctrl |= PAM_DEBUG_ARG; -+ else if (!strcmp(*argv, "noconsole")) -+ ctrl |= PAM_NOCONSOLE_ARG; - else { - pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); - } -@@ -144,6 +149,40 @@ securetty_perform_check (pam_handle_t *p - } - fclose(ttyfile); - -+ if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) { -+ FILE *cmdlinefile; -+ -+ /* Allow access from the kernel console, if enabled */ -+ cmdlinefile = fopen(CMDLINE_FILE, "r"); -+ -+ if (cmdlinefile != NULL) { -+ char line[LINE_MAX], *p; -+ -+ line[0] = 0; -+ fgets(line, sizeof(line), cmdlinefile); -+ fclose(cmdlinefile); -+ -+ for (p = line; p; p = strstr(p+1, "console=")) { -+ char *e; -+ -+ /* Test whether this is a beginning of a word? */ -+ if (p > line && p[-1] != ' ') -+ continue; -+ -+ /* Ist this our console? */ -+ if (strncmp(p + 8, uttyname, strlen(uttyname))) -+ continue; -+ -+ /* Is there any garbage after the TTY name? */ -+ e = p + 8 + strlen(uttyname); -+ if (*e == ',' || *e == ' ' || *e == '\n' || *e == 0) { -+ retval = 0; -+ break; -+ } -+ } -+ } -+ } -+ - if (retval) { - pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", - uttyname); |