* NEWS, libmisc/chowntty.c: Fix a race condition that could lead to

gaining ownership or changing mode of arbitrary files.
2008-11-22 23:22:16 +00:00 · 2008-11-22 23:22:16 +00:00 · eb4097180b
commit eb4097180b
parent 8d7e1faebf
3 changed files with 16 additions and 5 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2008-11-23  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, libmisc/chowntty.c: Fix a race condition that could lead to
+	gaining ownership or changing mode of arbitrary files.
+
 2008-10-11  Nicolas François  <nicolas.francois@centraliens.net>

 	* man/gshadow.5.xml, man/shadow.5.xml, man/passwd.5.xml,
--- a/8
+++ b/8
@ -1,6 +1,6 @@
 $Id$

-shadow-4.1.2.1 -> shadow-4.1.3						UNRELEASED
+shadow-4.1.2.2 -> shadow-4.1.3						UNRELEASED

 *** general:
 - packaging
@ -59,6 +59,12 @@ shadow-4.1.2.1 -> shadow-4.1.3						UNRELEASED
  * Allow adding LDAP users (or any user not present in the local passwd
    file) to local groups

+shadow-4.1.2.1 -> shadow-4.1.2.2					23-11-2008
+
+*** security
+- Fix a race condition in login that could lead to gaining ownership or
+  changing mode of arbitrary files.
+
 shadow-4.1.2 -> shadow-4.1.2.1						26-06-2008

 *** security
--- a/libmisc/chowntty.c
+++ b/libmisc/chowntty.c
@ -109,14 +109,14 @@ void chown_tty (const char *tty, const struct passwd *info)
 		exit (1);
 	}

-	if (   (chown (tty, info->pw_uid, gid) != 0)
-	    || (chmod (tty, getdef_num ("TTYPERM", 0600)) != 0)) {
+	if (   (fchown (STDIN_FILENO, info->pw_uid, gid) != 0)
+	    || (fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600)) != 0)) {
 		int err = errno;

-		snprintf (buf, sizeof buf, _("Unable to change tty %s"), tty);
+		snprintf (buf, sizeof buf, _("Unable to change tty stdin"));
 		perror (buf);
 		SYSLOG ((LOG_WARN,
-			 "unable to change tty `%s' for user `%s'\n", tty,
+			 "unable to change tty stdin for user `%s'\n",
 			 info->pw_name));
 		closelog ();