Re-inject the changes from 4.1.2.1.
parent
5b194e290c
commit
21c692d23f
20
ChangeLog
20
ChangeLog
@ -1,3 +1,7 @@
|
|||||||
|
2008-07-12 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* ChangeLog, NEWS, src/login.c: Re-inject the changes from 4.1.2.1.
|
||||||
|
|
||||||
2008-07-11 Nicolas François <nicolas.francois@centraliens.net>
|
2008-07-11 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/usermod.c: Do not call usr_update() if it will have no
|
* src/usermod.c: Do not call usr_update() if it will have no
|
||||||
@ -1236,6 +1240,22 @@
|
|||||||
|
|
||||||
* configure.in: Allow --disable-man and --enable-man=no.
|
* configure.in: Allow --disable-man and --enable-man=no.
|
||||||
|
|
||||||
|
2008-06-26 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
Prepare the 4.1.2.1 release
|
||||||
|
* NEWS: set the release date.
|
||||||
|
* man/po/*.po, po/*.po: Updated PO files.
|
||||||
|
* configure.in: Set the version to 4.1.2.1.
|
||||||
|
|
||||||
|
2008-06-26 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* NEWS, src/login.c: Fix an "audit log injection" vulnerability in
|
||||||
|
login. This is similar to CVE-2008-1926 (util-linux-ng's login).
|
||||||
|
This vulnerability makes it easier for attackers to hide
|
||||||
|
activities by modifying portions of log events, e.g. by appending
|
||||||
|
an addr= statement to the login name.
|
||||||
|
* lib/prototypes.h: Added definition of AUDIT_NO_ID.
|
||||||
|
|
||||||
2008-05-25 Nicolas François <nicolas.francois@centraliens.net>
|
2008-05-25 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
Prepare the 4.1.2 release
|
Prepare the 4.1.2 release
|
||||||
|
10
NEWS
10
NEWS
@ -1,6 +1,6 @@
|
|||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
shadow-4.1.2 -> shadow-4.1.3 UNRELEASED
|
shadow-4.1.2.1 -> shadow-4.1.3 UNRELEASED
|
||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
- newusers
|
- newusers
|
||||||
@ -9,6 +9,14 @@ shadow-4.1.2 -> shadow-4.1.3 UNRELEASED
|
|||||||
* Allow adding LDAP users (or any user not present in the local passwd
|
* Allow adding LDAP users (or any user not present in the local passwd
|
||||||
file) to local groups
|
file) to local groups
|
||||||
|
|
||||||
|
shadow-4.1.2 -> shadow-4.1.2.1 26-06-2008
|
||||||
|
|
||||||
|
*** security
|
||||||
|
- Fix an "audit log injection" vulnerability in login.
|
||||||
|
This vulnerability makes it easier for attackers to hide activities by
|
||||||
|
modifying portions of log events, e.g. by appending an addr= statement
|
||||||
|
to the login name.
|
||||||
|
|
||||||
shadow-4.1.1 -> shadow-4.1.2 25-05-2008
|
shadow-4.1.1 -> shadow-4.1.2 25-05-2008
|
||||||
|
|
||||||
*** security:
|
*** security:
|
||||||
|
52
src/login.c
52
src/login.c
@ -745,31 +745,19 @@ int main (int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
{
|
|
||||||
struct passwd *pw;
|
|
||||||
char buf[64];
|
|
||||||
|
|
||||||
audit_fd = audit_open ();
|
audit_fd = audit_open ();
|
||||||
/* local, no need for xgetpwnam */
|
audit_log_acct_message (audit_fd,
|
||||||
pw = getpwnam (username);
|
AUDIT_USER_LOGIN,
|
||||||
if (NULL != pw) {
|
NULL, /* Prog. name */
|
||||||
snprintf (buf, sizeof (buf),
|
"login",
|
||||||
"uid=%lu",
|
(NULL!=username)?username
|
||||||
(unsigned long) pw->pw_uid);
|
:"(unknown)",
|
||||||
audit_log_user_message
|
AUDIT_NO_ID,
|
||||||
(audit_fd, AUDIT_USER_LOGIN,
|
hostname,
|
||||||
buf, hostname, NULL,
|
NULL, /* addr */
|
||||||
tty, 0);
|
tty,
|
||||||
} else {
|
0); /* result */
|
||||||
snprintf (buf, sizeof (buf),
|
|
||||||
"acct=%s", username);
|
|
||||||
audit_log_user_message
|
|
||||||
(audit_fd, AUDIT_USER_LOGIN,
|
|
||||||
buf, hostname, NULL,
|
|
||||||
tty, 0);
|
|
||||||
}
|
|
||||||
close (audit_fd);
|
close (audit_fd);
|
||||||
}
|
|
||||||
#endif /* WITH_AUDIT */
|
#endif /* WITH_AUDIT */
|
||||||
|
|
||||||
fprintf (stderr, "\nLogin incorrect\n");
|
fprintf (stderr, "\nLogin incorrect\n");
|
||||||
@ -1050,16 +1038,18 @@ int main (int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
{
|
|
||||||
char buf[32];
|
|
||||||
|
|
||||||
audit_fd = audit_open ();
|
audit_fd = audit_open ();
|
||||||
snprintf (buf, sizeof (buf), "uid=%lu",
|
audit_log_acct_message (audit_fd,
|
||||||
(unsigned long) pwd->pw_uid);
|
AUDIT_USER_LOGIN,
|
||||||
audit_log_user_message (audit_fd, AUDIT_USER_LOGIN,
|
NULL, /* Prog. name */
|
||||||
buf, hostname, NULL, tty, 1);
|
"login",
|
||||||
|
NULL, /* user's name => use uid */
|
||||||
|
(unsigned int) pwd->pw_uid,
|
||||||
|
hostname,
|
||||||
|
NULL, /* addr */
|
||||||
|
tty,
|
||||||
|
1); /* result */
|
||||||
close (audit_fd);
|
close (audit_fd);
|
||||||
}
|
|
||||||
#endif /* WITH_AUDIT */
|
#endif /* WITH_AUDIT */
|
||||||
|
|
||||||
#ifndef USE_PAM /* pam_lastlog handles this */
|
#ifndef USE_PAM /* pam_lastlog handles this */
|
||||||
|
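Review bot: In both WITH_AUDIT blocks of main() the descriptor returned by `audit_open ()` is passed straight to `audit_log_acct_message` and then to `close` without being checked, and the return value of `audit_log_acct_message` is discarded. If the audit socket cannot be opened or the write fails, the AUDIT_USER_LOGIN record for the failed login (first hunk) or the successful one (second hunk) is lost with no trace, which undercuts the log-integrity goal of this fix. I would guard each block with `if (audit_fd >= 0) {` … `}` around the log and close calls, and report a negative return from either call through login's existing logging. It is also worth confirming that `AUDIT_NO_ID` is already defined on this branch, since the ChangeLog attributes it to lib/prototypes.h and that file is not among the sections shown here. main()'s body starts and ends outside both hunks.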