Diffstat (limited to 'source/a/pam/patches')
-rw-r--r--source/a/pam/patches/pam.etc.environment.better.comments.diff15
-rw-r--r--source/a/pam/patches/pam.pam_tally2.no.fsync.patch35
-rw-r--r--source/a/pam/patches/pam.pam_tally2.slackware.diff11
3 files changed, 61 insertions, 0 deletions
diff --git a/source/a/pam/patches/pam.etc.environment.better.comments.diff b/source/a/pam/patches/pam.etc.environment.better.comments.diff
new file mode 100644
index 000000000..6899e4c14
--- /dev/null
+++ b/source/a/pam/patches/pam.etc.environment.better.comments.diff
@@ -0,0 +1,15 @@
+--- ./modules/pam_env/environment.orig 2017-02-10 04:10:15.000000000 -0600
++++ ./modules/pam_env/environment 2020-01-02 14:40:48.793005303 -0600
+@@ -1,5 +1,10 @@
+-#
+-# This file is parsed by pam_env module
++# /etc/environment
++# This file is parsed by pam_env module.
++# This file may contain environment variable settings that should be used
++# system-wide. Please note that it is not a script file and should only
++# contain assignment expressions, one per line.
++# The environment variables in this file will be loaded before those in other
++# files such as: /etc/profile, /etc/profile.d/*, ~/.profile, etc.
+ #
+ # Syntax: simple "KEY=VAL" pairs on separate lines
+ #
diff --git a/source/a/pam/patches/pam.pam_tally2.no.fsync.patch b/source/a/pam/patches/pam.pam_tally2.no.fsync.patch
new file mode 100644
index 000000000..15b40115d
--- /dev/null
+++ b/source/a/pam/patches/pam.pam_tally2.no.fsync.patch
@@ -0,0 +1,35 @@
+From b136bff25e93be6f11de74aca03569022364b973 Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+Date: Mon, 25 Feb 2019 20:50:48 +0100
+Subject: [PATCH] pam_tally2: Remove unnecessary fsync()
+
+pam_tally2 does fsync() after writing to a tally file.
+This causes hard drive cache flushes on every failed SSH login on many
+(if not most) filesystems.
+And an internet-exposed machine can have a lot of these failed logins.
+
+This operation however doesn't seem to be necessary - the pam_tally2
+module does not do any operation which would need explicit post-crash
+ordering, it just does simple file reads and writes.
+And doing a fsync() after them doesn't close any race if the system happens
+to crash between a write being posted and its fsync() completion.
+
+Let's remove this operation to get rid of all these extra cache flushes.
+---
+ modules/pam_tally2/pam_tally2.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
+index 984edf6a..ce7f5aee 100644
+--- a/modules/pam_tally2/pam_tally2.c
++++ b/modules/pam_tally2/pam_tally2.c
+@@ -484,10 +484,6 @@ set_tally(pam_handle_t *pamh, uid_t uid,
+ }
+ }
+
+- if (fsync(*tfile)) {
+- pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename);
+- return PAM_AUTH_ERR;
+- }
+ return PAM_SUCCESS;
+ }
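Review bot: With the `fsync(*tfile)` check removed at the end of `set_tally`, the function returns `PAM_SUCCESS` once the write has only been handed to the kernel, so a deferred write-back failure (full disk, I/O error) on the tally file may no longer be reported to the caller. The failed-login count then becomes best-effort across a crash or power loss, which is a security-relevant trade-off for a lockout counter and is worth recording at the return site, e.g. `/* No fsync(): tally updates are not durable across a crash, so lockout counts may be lost. */`. It is also worth confirming that the code closing the tally descriptor checks the result of `close()`, since that is presumably the only remaining place such an error can surface. That code and the start of `set_tally` are both outside this hunk.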
diff --git a/source/a/pam/patches/pam.pam_tally2.slackware.diff b/source/a/pam/patches/pam.pam_tally2.slackware.diff
new file mode 100644
index 000000000..8ab853210
--- /dev/null
+++ b/source/a/pam/patches/pam.pam_tally2.slackware.diff
@@ -0,0 +1,11 @@
+--- ./modules/Makefile.am.orig 2019-07-16 13:18:28.619322386 -0500
++++ ./modules/Makefile.am 2019-07-16 13:45:49.260371056 -0500
+@@ -10,7 +10,7 @@
+ pam_mkhomedir pam_motd pam_namespace pam_nologin \
+ pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
+ pam_selinux pam_sepermit pam_shells pam_stress \
+- pam_succeed_if pam_time pam_timestamp \
++ pam_succeed_if pam_tally2 pam_time pam_timestamp \
+ pam_tty_audit pam_umask \
+ pam_unix pam_userdb pam_warn pam_wheel pam_xauth
+