vbatts/shadow-utils-newxidmap
1
0
Fork 0
Code Issues Pull requests Releases Activity

Multiple fixes.

Browse source 
- unlock also passwords locked with passwd -l
- prevent breaking user entry by entering a password containing colon
- fix possible DoS when locking the database files for update
- properly use login.defs from the chroot in useradd
This commit is contained in:
Tomas Mraz 2015-08-27 15:53:13 +02:00
parent 283bf24723
commit 25899fefb0
4 changed files with 91 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

15
shadow-4.2.1-no-lock-dos.patch Normal file
View file

@ -0,0 +1,15 @@
diff -up shadow-4.2.1/lib/commonio.c.no-lock-dos shadow-4.2.1/lib/commonio.c
--- shadow-4.2.1/lib/commonio.c.no-lock-dos 2015-08-27 15:09:17.101537812 +0200
+++ shadow-4.2.1/lib/commonio.c 2015-08-27 15:11:06.643011248 +0200
@@ -140,7 +140,10 @@ static int do_lock_file (const char *fil
int retval;
char buf[32];
- fd = open (file, O_CREAT | O_EXCL | O_WRONLY, 0600);
+ /* We depend here on the fact, that the file name is pid-specific.
+ * So no O_EXCL here and no DoS.
+ */
+ fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, 0600);
if (-1 == fd) {
if (log) {
(void) fprintf (stderr,