summaryrefslogtreecommitdiffstats
path: root/source/a/shadow
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2018-05-28 19:12:29 +0000
committer Eric Hameleers <alien@slackware.com>2018-05-31 23:39:35 +0200
commit646a5c1cbfd95873950a87b5f75d52073a967023 (patch)
treeb8b8d2ab3b0d432ea69ad1a64d1c789649d65020 /source/a/shadow
parentd31c50870d0bee042ce660e445c9294a59a3a65b (diff)
downloadcurrent-646a5c1cbfd95873950a87b5f75d52073a967023.tar.gz
current-646a5c1cbfd95873950a87b5f75d52073a967023.tar.xz
Mon May 28 19:12:29 UTC 201820180528191229
a/pkgtools-15.0-noarch-13.txz: Rebuilt. installpkg: default line length for --terselength is the number of columns. removepkg: added --terse mode. upgradepkg: default line length for --terselength is the number of columns. upgradepkg: accept -option in addition to --option. ap/vim-8.1.0026-x86_64-1.txz: Upgraded. d/bison-3.0.5-x86_64-1.txz: Upgraded. e/emacs-26.1-x86_64-1.txz: Upgraded. kde/kopete-4.14.3-x86_64-8.txz: Rebuilt. Recompiled against libidn-1.35. n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded. n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded. n/libnftnl-1.1.0-x86_64-1.txz: Upgraded. n/links-2.16-x86_64-2.txz: Rebuilt. Rebuilt to enable X driver for -g mode. n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded. n/nftables-0.8.5-x86_64-1.txz: Upgraded. n/p11-kit-0.23.11-x86_64-1.txz: Upgraded. n/ulogd-2.0.7-x86_64-1.txz: Upgraded. n/whois-5.3.1-x86_64-1.txz: Upgraded. xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded. xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/a/shadow')
-rw-r--r--source/a/shadow/shadow.CVE-2017-2616.diff55
-rwxr-xr-xsource/a/shadow/shadow.SlackBuild33
-rw-r--r--source/a/shadow/shadow.login.display.short.hostname.diff18
-rw-r--r--source/a/shadow/slack-desc10
4 files changed, 104 insertions, 12 deletions
diff --git a/source/a/shadow/shadow.CVE-2017-2616.diff b/source/a/shadow/shadow.CVE-2017-2616.diff
new file mode 100644
index 000000000..4a5c44222
--- /dev/null
+++ b/source/a/shadow/shadow.CVE-2017-2616.diff
@@ -0,0 +1,55 @@
+su: properly clear child PID
+
+If su is compiled with PAM support, it is possible for any local user
+to send SIGKILL to other processes with root privileges. There are
+only two conditions. First, the user must be able to perform su with
+a successful login. This does NOT have to be the root user, even using
+su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
+can only be sent to processes which were executed after the su process.
+It is not possible to send SIGKILL to processes which were already
+running. I consider this as a security vulnerability, because I was
+able to write a proof of concept which unlocked a screen saver of
+another user this way.
+
+diff --git a/src/su.c b/src/su.c
+index f20d230..d86aa86 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void)
+ /* wake child when resumed */
+ kill (pid, SIGCONT);
+ stop = false;
++ } else {
++ pid_child = 0;
+ }
+ } while (!stop);
+ }
+
+- if (0 != caught) {
++ if (0 != caught && 0 != pid_child) {
+ (void) fputs ("\n", stderr);
+ (void) fputs (_("Session terminated, terminating shell..."),
+ stderr);
+@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void)
+ snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
+
+ (void) signal (SIGALRM, kill_child);
++ (void) signal (SIGCHLD, catch_signals);
+ (void) alarm (2);
+
+- (void) wait (&status);
++ sigemptyset (&ourset);
++ if ((sigaddset (&ourset, SIGALRM) != 0)
++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
++ kill_child (0);
++ } else {
++ while (0 == waitpid (pid_child, &status, WNOHANG)) {
++ sigsuspend (&ourset);
++ }
++ pid_child = 0;
++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
++ }
++
+ (void) fputs (_(" ...terminated.\n"), stderr);
+ }
diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild
index 633d38514..992944e8f 100755
--- a/source/a/shadow/shadow.SlackBuild
+++ b/source/a/shadow/shadow.SlackBuild
@@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/bash
-# Copyright 2005-2014 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2005-2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -20,28 +20,37 @@
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+cd $(dirname $0) ; CWD=$(pwd)
+
PKGNAM=shadow
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-4}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
- i?86) export ARCH=i486 ;;
+ i?86) export ARCH=i586 ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
NUMJOBS=${NUMJOBS:--j6}
-CWD=$(pwd)
TMP=${TMP:-/tmp}
PKG=$TMP/package-shadow
-if [ "$ARCH" = "i486" ]; then
- SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
elif [ "$ARCH" = "x86_64" ]; then
@@ -69,10 +78,20 @@ done
# breakage:
zcat $CWD/shadow.CVE-2005-4890.relax.diff.gz | patch -p1 --verbose || exit 1
+# Patch a race condition that allows a user to kill processes that they don't
+# own. Note that the bug requires that shadow is using PAM, which is not yet
+# the case on Slackware. So we're unaffected, but patching this anyway in
+# -current, because you never know...
+zcat $CWD/shadow.CVE-2017-2616.diff.gz | patch -p1 --verbose || exit 1
+
# Re-run automake because of r3299 patch to man/ru/Makefile.am:
# (not used because it doesn't work... above patch does the intended fix)
#automake -f
+# Even if gethostname() returns the FQDN (long hostname), just display the
+# short version up to the first '.' on the login prompt:
+zcat $CWD/shadow.login.display.short.hostname.diff.gz | patch -p1 --verbose || exit 1
+
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
diff --git a/source/a/shadow/shadow.login.display.short.hostname.diff b/source/a/shadow/shadow.login.display.short.hostname.diff
new file mode 100644
index 000000000..ad5c3eba6
--- /dev/null
+++ b/source/a/shadow/shadow.login.display.short.hostname.diff
@@ -0,0 +1,18 @@
+--- ./libmisc/loginprompt.c.orig 2014-03-01 12:59:51.000000000 -0600
++++ ./libmisc/loginprompt.c 2017-11-21 18:17:27.492000123 -0600
+@@ -99,6 +99,15 @@
+ }
+ }
+ (void) gethostname (buf, sizeof buf);
++ /* Trim away everything after the first '.': */
++ i = 0;
++ while (buf[i] != '\0' && i < sizeof(buf) - 1) {
++ if (buf[i] == '.') {
++ buf[i] = '\0';
++ break;
++ }
++ i++;
++ }
+ printf (prompt, buf);
+ (void) fflush (stdout);
+ }
diff --git a/source/a/shadow/slack-desc b/source/a/shadow/slack-desc
index 57749146e..d8b2266de 100644
--- a/source/a/shadow/slack-desc
+++ b/source/a/shadow/slack-desc
@@ -1,17 +1,17 @@
# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
+# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
shadow: shadow (shadow password suite)
shadow:
shadow: This set of login related programs utilizes an alternate, non-readable
-shadow: file to contain the actual encrypted passwords. This is presumed to
+shadow: file to contain the actual encrypted passwords. This is presumed to
shadow: increase system security by increasing the difficulty with which
-shadow: system crackers obtain encrypted passwords. It was written by
+shadow: system crackers obtain encrypted passwords. It was written by
shadow: Julianne Frances Haugh and the Linux port is maintained by Tomasz
shadow: Kloczko.
shadow: