Commit Graph

2066 Commits

Author SHA1 Message Date
Tobias Stoeckmann
08fd4b69e8 su: properly clear child PID
If su is compiled with PAM support, it is possible for any local user
to send SIGKILL to other processes with root privileges. There are
only two conditions. First, the user must be able to perform su with
a successful login. This does NOT have to be the root user, even using
su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
can only be sent to processes which were executed after the su process.
It is not possible to send SIGKILL to processes which were already
running. I consider this as a security vulnerability, because I was
able to write a proof of concept which unlocked a screen saver of
another user this way.
2017-02-23 09:47:29 -06:00
Serge Hallyn
24130c882d Merge pull request #67 from AdamMajer/upstream
Print error on exec failure + cosmetic changes
2017-02-21 14:37:42 -06:00
Adam Majer
759f94e17a Remove extra parenthesis 2017-02-20 14:50:30 +01:00
Adam Majer
90c0525c7e Remove unnecessary static variable usage 2017-02-20 14:48:55 +01:00
Josef Möllers
5ac4918bdd Add error handling in case exec fails
We should print error message if exec fails, for some reason.
2017-02-20 14:32:37 +01:00
Serge Hallyn
3f9af9deb9 Update changelog 2017-02-11 09:03:56 -06:00
David Michael
c6b0664f52 useradd: Read defaults after changing root directories
This reverts the behavior of "useradd --root" to using the settings
from login.defs in the target root directory, not the root of the
executed useradd command.
2017-02-11 08:59:49 -06:00
Josef Moellers
e36c0a418a Deleted a misplaced semicolon. 2017-02-11 08:55:07 -06:00
Baurzhan Muftakhidinov
efc8c61f75 Update Kazakh translation
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-02-08 16:40:53 -06:00
Serge Hallyn
44c690cd9a Merge pull request #59 from rbalint/master
Patches from the Debian BTS
2017-02-04 20:27:17 -06:00
Serge Hallyn
f84a88a824 Update changelog 2017-01-29 14:49:03 -06:00
Bernhard Rosenkränzer
c33ceddc26 Don't crash on bogus keys in login.defs if PAM is enabled
Without this patch, PAM enabled builds crash when encountering an
invalid key in login.defs or key overrides because of array overflows

To reproduce, simply
	useradd -K Windows=broken

Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:47:24 -06:00
Jakub Wilk
6a750c7a50 zh_TW.po: Remove duplicated Plural-Forms
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:42:35 -06:00
Serge Hallyn
f288c4fcef Changelog for last commit 2017-01-29 14:38:44 -06:00
Tomas Mraz
ee9e506af2 Make the group and user allocation more effective.
Previously, the allocation was optimized for an outdated
deployment style (that of /etc/group alongside nss_db). The issue
here is that this results in extremely poor performance when using
SSSD, Winbind or nss_ldap.

There were actually two serious bugs here that have been addressed:

1) Running getgrent() loops won't work in most SSSD or Winbind
environments, as full group enumeration is disabled by default.
This could easily result in auto-allocating a group that was
already in use. (This might result in a security issue as well, if
the shared GID is a privileged group).

2) For system groups, the loop was always iterating through the
complete SYS_GID_MIN->SYS_GID_MAX range. On SSSD and Winbind, this
means hundreds of round-trips to LDAP (unless the GIDs were
specifically configured to be ignored by the SSSD or winbindd).
To a user with a slow connection to their LDAP server, this would
appear as if groupadd -r was hung. (Though it would eventually
complete).

This patch changes the algorithm to be more favorable for LDAP
environments, at the expense of some performance when using nss_db.
Given that the DB is a local service, this should have a negligible
effect from a user's perspective.

With the new algorithm, we simply first iterate through all entries
in the local database with gr_next(), recording the IDs that are in
use. We then start from the highest presumed-available entry and
call getgrgid() to see if it is available. We continue this until
we come to the first unused GID. We then select that and return it.

If we make it through all the remaining IDs without finding a free
one, we start over from the beginning of the range and try to find
room in one of the gaps in the range.

The patch was originally written by Stephen Gallagher and applied
identically also to the user allocation by Tomáš Mráz.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2017-01-29 14:37:21 -06:00
Lars Bahner
8a122a90fa Fix some spelling issues in the Norwegian translation 2017-01-19 18:44:54 +01:00
Thomas Blein
45f141ce69 French manpage translation 2017-01-19 17:39:42 +01:00
Holger Wansing
a9824dc6a3 Update for German man pages 2017-01-19 17:36:55 +01:00
Miroslav Kuře
84228eaeda Updated Czech translation 2017-01-19 17:26:22 +01:00
Frans Spiesschaert
c739407f92 Dutch translation update 2017-01-19 17:15:11 +01:00
Micah Anderson
578d495f91 Last bits of enabling subuids
This patch has been carried by Debian, originally
submitted to BTS in #739981
2017-01-18 18:06:05 +01:00
Simon Kainz
bdd68116b7 Typos fix in german translation of man pages
Reported to Debian BTS in #734609
2017-01-18 17:24:44 +01:00
Balint Reczey
c8508fabd0 Replace user´s -> user's to make login.def files valid ASCII instead of UTF-8
The Unicode character caused issues in LANG=C environment.
See Debian bug #850338 for details.
2017-01-18 16:54:51 +01:00
Serge Hallyn
36bc770ed4 Update changelog 2016-12-21 12:58:05 -06:00
Serge Hallyn
5701e147ef Update _COMMONIO_H and _SHADOWIO_H to drop leading underscore
Closes #23

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2016-12-21 12:45:50 -06:00
Serge Hallyn
5fc99f02cf Merge pull request #58 from juiceme/master
shadow: Add auditing support to su
2016-12-21 12:41:39 -06:00
Serge Hallyn
411f540590 Fix s/from/to/ in usermod.c error message
Closes #49

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2016-12-21 12:40:08 -06:00
Michael Vetter
b2bd56a012 Reset user in tallylog
The useradd application resets the user data in /var/log/faillog, if it
exists and a new user is created.

pam_tally2 is used in many distributions.

Check for /var/log/tallylog and reset the user there.

Patch was written by Josef Moellers <jmoellers@suse.de>.

https://bugzilla.suse.com/show_bug.cgi?id=980486
2016-12-21 12:36:11 -06:00
Jussi Ohenoja
a3bf32fe87 shadow: Add auditing support to su
This patch extends the auditing feature used in login to su.

Signed-off-by: Jussi Ohenoja <jussi.ohenoja@nokia.com>
2016-12-13 18:44:19 +02:00
Serge Hallyn
9e93c984f7 Merge pull request #17 from wking/includes-to-am-cppflags
*/Makefile.am: Replace INCLUDES with AM_CPPFLAGS
2016-12-07 00:01:54 -06:00
Serge Hallyn
d7ce9430ca Revert "Add files via upload"
This has caused build errors.  Please feel free to re-submit.

This reverts commit 93e3044c6d.
2016-12-06 23:31:58 -06:00
Serge Hallyn
0fb53623a5 Merge pull request #55 from glensc/travis2
enable travis integration
2016-12-06 23:27:19 -06:00
Serge Hallyn
9ad34243aa Merge pull request #52 from vapier/master
autotools refresh
2016-12-06 23:24:42 -06:00
Serge Hallyn
06f719e501 Merge pull request #53 from vapier/prototypes
include getdef.h for getdef_bool prototype
2016-12-06 23:23:17 -06:00
Elan Ruusamäe
f439149cb3 run travis 2016-12-06 01:09:17 +02:00
Mike Frysinger
32c0b283ef include getdef.h for getdef_bool prototype
Otherwise we get build warnings like:
sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
2016-12-05 17:15:29 -05:00
Mike Frysinger
6e91297fa2 enable silent build output by default
Enable the automake feature to produce silent output by default.
When compiling code, we now see things like:
$ make
  CC       addgrps.o
  CC       age.o
  CC       audit_help.o
...

This can be disabled via configure's --disable-silent-rules or
by passing V=1 to make.

Custom output (like in the man subdirs) don't (yet) respect this
feature.  More work will be needed to clean those up.
2016-12-05 16:02:55 -05:00
Mike Frysinger
752ca15da4 man: make clean-local more robust
If the subdirs aren't empty, the rmdir calls can fail.  Simplify this
code by just using `rm -rf` since that matches what we really want.
2016-12-05 16:02:19 -05:00
Mike Frysinger
e33cb8ae12 switch bz2 dist to xz
Since xz is fairly common nowadays, and is typically smaller/faster than
bzip2 for people to decompress, switch shadow over too.  We also merge
the two init locations into configure.ac to match newer autotools style.

The min automake version is bumped to 1.11 too since that's when xz was
released.
2016-12-05 15:57:34 -05:00
Mike Frysinger
10bd7bab14 ignore config.cache & dist files
config.cache is generated when running `./configure -C`.

The tarballs are generated when running `make dist`.
2016-12-05 15:48:10 -05:00
Mike Frysinger
84f0ae00d2 configure: avoid deprecated AC_INIT/AM_INIT_AUTOMAKE invocation
The autoconf/automake guys want AC_INIT to be passed the details of the
package directly rather than going through AM_INIT_AUTOMAKE.  Update them
both to use the newer style.

This also allows us to pass in contact details for the project.

We set the minimum autoconf version to 2.64 as that's the first one to
support passing the homepage URL in to AC_INIT.  That's a pretty old
release by now, so it shouldn't be a problem.
2016-12-05 15:43:20 -05:00
Serge Hallyn
e3f213305b update Changelog 2016-12-02 16:15:28 -06:00
Serge Hallyn
d886cf40ef Merge pull request #48 from t8m/fedora
Four simple patches from the Fedora package to merge
2016-12-02 16:14:24 -06:00
Serge Hallyn
d572e3b1f9 update changelog, finally 2016-12-02 13:41:49 -06:00
Serge Hallyn
816bd48c83 Merge pull request #50 from m4sk1n/master
update Polish translation
2016-11-25 11:58:14 -06:00
m4sk1n
05563a7832 Merge pull request #1 from m4sk1n/pl-translation-update
Add files via upload
2016-11-24 09:16:48 +01:00
m4sk1n
93e3044c6d Add files via upload
81% completed
2016-11-24 09:07:41 +01:00
Serge Hallyn
6825e6c90a Merge pull request #43 from Blub/suidbins-rule-fixup
buildsys: fix suidubins assignments
2016-11-18 20:13:48 -06:00
Tomas Mraz
6401c5b4ee snprintf() always terminates output with \0 2016-11-15 16:05:44 +01:00
Tomas Mraz
4471e5419d Keep the permissions of the original file when creating a backup. 2016-11-15 16:04:24 +01:00