Re-inject the changes from 4.1.2.1.
This commit is contained in:
parent
5b194e290c
commit
21c692d23f
20
ChangeLog
20
ChangeLog
@ -1,3 +1,7 @@
|
||||
2008-07-12 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* ChangeLog, NEWS, src/login.c: Re-inject the changes from 4.1.2.1.
|
||||
|
||||
2008-07-11 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/usermod.c: Do not call usr_update() if it will have no
|
||||
@ -1236,6 +1240,22 @@
|
||||
|
||||
* configure.in: Allow --disable-man and --enable-man=no.
|
||||
|
||||
2008-06-26 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
Prepare the 4.1.2.1 release
|
||||
* NEWS: set the release date.
|
||||
* man/po/*.po, po/*.po: Updated PO files.
|
||||
* configure.in: Set the version to 4.1.2.1.
|
||||
|
||||
2008-06-26 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* NEWS, src/login.c: Fix an "audit log injection" vulnerability in
|
||||
login. This is similar to CVE-2008-1926 (util-linux-ng's login).
|
||||
This vulnerability makes it easier for attackers to hide
|
||||
activities by modifying portions of log events, e.g. by appending
|
||||
an addr= statement to the login name.
|
||||
* lib/prototypes.h: Added definition of AUDIT_NO_ID.
|
||||
|
||||
2008-05-25 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
Prepare the 4.1.2 release
|
||||
|
10
NEWS
10
NEWS
@ -1,6 +1,6 @@
|
||||
$Id$
|
||||
|
||||
shadow-4.1.2 -> shadow-4.1.3 UNRELEASED
|
||||
shadow-4.1.2.1 -> shadow-4.1.3 UNRELEASED
|
||||
|
||||
*** general:
|
||||
- newusers
|
||||
@ -9,6 +9,14 @@ shadow-4.1.2 -> shadow-4.1.3 UNRELEASED
|
||||
* Allow adding LDAP users (or any user not present in the local passwd
|
||||
file) to local groups
|
||||
|
||||
shadow-4.1.2 -> shadow-4.1.2.1 26-06-2008
|
||||
|
||||
*** security
|
||||
- Fix an "audit log injection" vulnerability in login.
|
||||
This vulnerability makes it easier for attackers to hide activities by
|
||||
modifying portions of log events, e.g. by appending an addr= statement
|
||||
to the login name.
|
||||
|
||||
shadow-4.1.1 -> shadow-4.1.2 25-05-2008
|
||||
|
||||
*** security:
|
||||
|
52
src/login.c
52
src/login.c
@ -745,31 +745,19 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifdef WITH_AUDIT
|
||||
{
|
||||
struct passwd *pw;
|
||||
char buf[64];
|
||||
|
||||
audit_fd = audit_open ();
|
||||
/* local, no need for xgetpwnam */
|
||||
pw = getpwnam (username);
|
||||
if (NULL != pw) {
|
||||
snprintf (buf, sizeof (buf),
|
||||
"uid=%lu",
|
||||
(unsigned long) pw->pw_uid);
|
||||
audit_log_user_message
|
||||
(audit_fd, AUDIT_USER_LOGIN,
|
||||
buf, hostname, NULL,
|
||||
tty, 0);
|
||||
} else {
|
||||
snprintf (buf, sizeof (buf),
|
||||
"acct=%s", username);
|
||||
audit_log_user_message
|
||||
(audit_fd, AUDIT_USER_LOGIN,
|
||||
buf, hostname, NULL,
|
||||
tty, 0);
|
||||
}
|
||||
audit_log_acct_message (audit_fd,
|
||||
AUDIT_USER_LOGIN,
|
||||
NULL, /* Prog. name */
|
||||
"login",
|
||||
(NULL!=username)?username
|
||||
:"(unknown)",
|
||||
AUDIT_NO_ID,
|
||||
hostname,
|
||||
NULL, /* addr */
|
||||
tty,
|
||||
0); /* result */
|
||||
close (audit_fd);
|
||||
}
|
||||
#endif /* WITH_AUDIT */
|
||||
|
||||
fprintf (stderr, "\nLogin incorrect\n");
|
||||
@ -1050,16 +1038,18 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifdef WITH_AUDIT
|
||||
{
|
||||
char buf[32];
|
||||
|
||||
audit_fd = audit_open ();
|
||||
snprintf (buf, sizeof (buf), "uid=%lu",
|
||||
(unsigned long) pwd->pw_uid);
|
||||
audit_log_user_message (audit_fd, AUDIT_USER_LOGIN,
|
||||
buf, hostname, NULL, tty, 1);
|
||||
audit_log_acct_message (audit_fd,
|
||||
AUDIT_USER_LOGIN,
|
||||
NULL, /* Prog. name */
|
||||
"login",
|
||||
NULL, /* user's name => use uid */
|
||||
(unsigned int) pwd->pw_uid,
|
||||
hostname,
|
||||
NULL, /* addr */
|
||||
tty,
|
||||
1); /* result */
|
||||
close (audit_fd);
|
||||
}
|
||||
#endif /* WITH_AUDIT */
|
||||
|
||||
#ifndef USE_PAM /* pam_lastlog handles this */
|
||||
|
Loading…
Reference in New Issue
Block a user