summaryrefslogtreecommitdiff
path: root/source/a/shadow
diff options
context:
space:
mode:
Diffstat (limited to 'source/a/shadow')
-rw-r--r--source/a/shadow/patches/unused/r3299.diff12
-rw-r--r--source/a/shadow/shadow.CVE-2005-4890.relax.diff35
-rwxr-xr-xsource/a/shadow/shadow.SlackBuild16
-rw-r--r--source/a/shadow/shadow.glibc217-crypt.diff258
-rw-r--r--source/a/shadow/shadow.url2
5 files changed, 46 insertions, 277 deletions
diff --git a/source/a/shadow/patches/unused/r3299.diff b/source/a/shadow/patches/unused/r3299.diff
deleted file mode 100644
index a46b18f0..00000000
--- a/source/a/shadow/patches/unused/r3299.diff
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: man/ru/Makefile.am
-===================================================================
---- man/ru/Makefile.am (revision 3298)
-+++ man/ru/Makefile.am (revision 3299)
-@@ -1,7 +1,6 @@
- mandir = @mandir@/ru
-
- man_MANS = \
-- $(man_nopam) \
- chage.1 \
- chfn.1 \
- chgpasswd.8 \
diff --git a/source/a/shadow/shadow.CVE-2005-4890.relax.diff b/source/a/shadow/shadow.CVE-2005-4890.relax.diff
new file mode 100644
index 00000000..98425e16
--- /dev/null
+++ b/source/a/shadow/shadow.CVE-2005-4890.relax.diff
@@ -0,0 +1,35 @@
+From 0f6a809b7c4c9a8f4adb5b25808dd68000e17aa2 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Wed, 04 Dec 2013
+Subject: restrict "su -c" only when callee is not root
+
+Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
+(CVE-2005-4890) by detaching the controlling terminal in the non-PAM
+case via a TIOCNOTTY request.
+
+Bi-directional protection is excessive and breaks a commonly-used
+methods for privilege escalation on non-PAM systems (e.g. xterm -e
+/bin/su -s /bin/bash -c /bin/bash myscript).
+
+This patch relaxes the restriction and only detaches the controlling
+tty when the callee is not root (which is, after all, the threat vector).
+
+---
+ src/su.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/su.c
++++ b/src/su.c
+@@ -1076,10 +1076,10 @@ int main (int argc, char **argv)
+
+ set_environment (pw);
+
+- if (!doshell) {
++ if (!doshell && pw->pw_uid != 0) {
+ /* There is no need for a controlling terminal.
+ * This avoids the callee to inject commands on
+- * the caller's tty. */
++ * the caller's tty when the callee is not root. */
+ int err = -1;
+
+ #ifdef USE_PAM
diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild
index 8194930d..633d3851 100755
--- a/source/a/shadow/shadow.SlackBuild
+++ b/source/a/shadow/shadow.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright 2005-2013 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2005-2014 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -21,8 +21,8 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PKGNAM=shadow
-VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -54,7 +54,7 @@ rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf shadow-$VERSION
-tar xvf $CWD/shadow-$VERSION.tar.?z* || exit 1
+tar xvf $CWD/shadow-$VERSION.tar.xz || exit 1
cd shadow-$VERSION
# Apply some patches taken from the svn trunk that
@@ -63,8 +63,11 @@ for patch in $CWD/patches/*.diff.gz ; do
zcat $patch | patch -p0 --verbose || exit 1
done
-# Patch to handle newer crypt() that may return NULL:
-zcat $CWD/shadow.glibc217-crypt.diff.gz | patch -p1 --verbose || exit 1
+# Relax the restrictions on "su -c" when it is used to become root.
+# It's not likely that root is going to try to inject commands back into
+# the user's shell to hack it, and the unnecessary restriction is causing
+# breakage:
+zcat $CWD/shadow.CVE-2005-4890.relax.diff.gz | patch -p1 --verbose || exit 1
# Re-run automake because of r3299 patch to man/ru/Makefile.am:
# (not used because it doesn't work... above patch does the intended fix)
@@ -83,6 +86,7 @@ CFLAGS="$SLKCFLAGS" \
--sysconfdir=/etc \
--mandir=/usr/man \
--docdir=/usr/doc/shadow-$VERSION \
+ --enable-subordinate-ids \
--disable-shared \
--without-libcrack \
--build=$ARCH-slackware-linux
diff --git a/source/a/shadow/shadow.glibc217-crypt.diff b/source/a/shadow/shadow.glibc217-crypt.diff
deleted file mode 100644
index e26ca10b..00000000
--- a/source/a/shadow/shadow.glibc217-crypt.diff
+++ /dev/null
@@ -1,258 +0,0 @@
-From a616a72160c17fa193ad6ad95eb2c869633f4fe9 Mon Sep 17 00:00:00 2001
-From: mancha <mancha1@hush.com>
-Date: Fri, 4 Oct 2013 11:25:43
-Subject: [PATCH] Improve handling of NULL returns from crypt().
-
-Signed-off-by: mancha <mancha1@hush.com>
----
- ChangeLog | 15 +++++++++++++++
- lib/encrypt.c | 7 +++----
- lib/pwauth.c | 7 ++++++-
- libmisc/valid.c | 1 +
- src/chgpasswd.c | 4 ++++
- src/chpasswd.c | 4 ++++
- src/gpasswd.c | 4 ++++
- src/newgrp.c | 3 ++-
- src/newusers.c | 26 +++++++++++++++++++++-----
- src/passwd.c | 15 +++++++++++++++
- 10 files changed, 75 insertions(+), 11 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index aab00ae..1416a38 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,18 @@
-+2013-05-06 mancha <mancha1@hush.com>
-+
-+ * lib/encrypt.c: crypt() in glibc/eglibc 2.17 now fails if passed
-+ a salt that violates specs. On Linux, crypt() also fails with
-+ DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
-+ we send them back to the caller for appropriate handling.
-+ * lib/pwauth.c: Handle NULL return from crypt().
-+ * libmisc/valid.c: Likewise.
-+ * src/chgpasswd.c: Likewise.
-+ * src/chpasswd.c: Likewise.
-+ * src/gpasswd.c: Likewise.
-+ * src/newgrp.c: Likewise.
-+ * src/newusers.c: Likewise.
-+ * src/passwd.c: Likewise.
-+
- 2012-05-25 Nicolas François <nicolas.francois@centraliens.net>
-
- * NEWS: Set release date.
-diff --git a/lib/encrypt.c b/lib/encrypt.c
-index 7daa8da..49cb691 100644
---- a/lib/encrypt.c
-+++ b/lib/encrypt.c
-@@ -49,11 +49,10 @@
- if (!cp) {
- /*
- * Single Unix Spec: crypt() may return a null pointer,
-- * and set errno to indicate an error. The caller doesn't
-- * expect us to return NULL, so...
-+ * and set errno to indicate an error. In this case return
-+ * the NULL so the caller can handle appropriately.
- */
-- perror ("crypt");
-- exit (EXIT_FAILURE);
-+ return cp;
- }
-
- /* The GNU crypt does not return NULL if the algorithm is not
-diff --git a/lib/pwauth.c b/lib/pwauth.c
-index 4b26daa..086a72e 100644
---- a/lib/pwauth.c
-+++ b/lib/pwauth.c
-@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,
- char prompt[1024];
- char *clear = NULL;
- const char *cp;
-+ const char *encrypted;
- int retval;
-
- #ifdef SKEY
-@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,
- * the results there as well.
- */
-
-- retval = strcmp (pw_encrypt (input, cipher), cipher);
-+ encrypted = pw_encrypt (input, cipher);
-+ if (encrypted!=NULL)
-+ retval = strcmp (encrypted, cipher);
-+ else
-+ retval = -1;
-
- #ifdef SKEY
- /*
-diff --git a/libmisc/valid.c b/libmisc/valid.c
-index aa0390a..4b85d67 100644
---- a/libmisc/valid.c
-+++ b/libmisc/valid.c
-@@ -95,6 +95,7 @@ bool valid (const char *password, const struct passwd *ent)
- */
-
- if ( (NULL != ent->pw_name)
-+ && (NULL != encrypted)
- && (strcmp (encrypted, ent->pw_passwd) == 0)) {
- return true;
- } else {
-diff --git a/src/chgpasswd.c b/src/chgpasswd.c
-index 0f41d0b..6c42a09 100644
---- a/src/chgpasswd.c
-+++ b/src/chgpasswd.c
-@@ -469,6 +469,10 @@ int main (int argc, char **argv)
- #endif
- cp = pw_encrypt (newpwd,
- crypt_make_salt (crypt_method, arg));
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
- }
-
- /*
-diff --git a/src/chpasswd.c b/src/chpasswd.c
-index 928e2d7..4968b0d 100644
---- a/src/chpasswd.c
-+++ b/src/chpasswd.c
-@@ -492,6 +492,10 @@ int main (int argc, char **argv)
- #endif
- cp = pw_encrypt (newpwd,
- crypt_make_salt(crypt_method, arg));
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
- }
-
- /*
-diff --git a/src/gpasswd.c b/src/gpasswd.c
-index df8d714..0043610 100644
---- a/src/gpasswd.c
-+++ b/src/gpasswd.c
-@@ -939,6 +939,10 @@ static void change_passwd (struct group *gr)
- }
-
- cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
-+ if (cp==NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
- memzero (pass, sizeof pass);
- #ifdef SHADOWGRP
- if (is_shadowgrp) {
-diff --git a/src/newgrp.c b/src/newgrp.c
-index 9330c72..6b87761 100644
---- a/src/newgrp.c
-+++ b/src/newgrp.c
-@@ -184,7 +184,8 @@ static void check_perms (const struct group *grp,
- cpasswd = pw_encrypt (cp, grp->gr_passwd);
- strzero (cp);
-
-- if (grp->gr_passwd[0] == '\0' ||
-+ if (cpasswd == NULL ||
-+ grp->gr_passwd[0] == '\0' ||
- strcmp (cpasswd, grp->gr_passwd) != 0) {
- #ifdef WITH_AUDIT
- snprintf (audit_buf, sizeof(audit_buf),
-diff --git a/src/newusers.c b/src/newusers.c
-index 994898e..5f83a6a 100644
---- a/src/newusers.c
-+++ b/src/newusers.c
-@@ -387,6 +387,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid)
- static void update_passwd (struct passwd *pwd, const char *password)
- {
- void *crypt_arg = NULL;
-+ char *cp;
- if (crypt_method != NULL) {
- #ifdef USE_SHA_CRYPT
- if (sflg) {
-@@ -398,9 +399,13 @@ static void update_passwd (struct passwd *pwd, const char *password)
- if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
- pwd->pw_passwd = (char *)password;
- } else {
-- pwd->pw_passwd = pw_encrypt (password,
-- crypt_make_salt (crypt_method,
-- crypt_arg));
-+ cp=pw_encrypt (password, crypt_make_salt (crypt_method,
-+ crypt_arg));
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
-+ pwd->pw_passwd = cp;
- }
- }
- #endif /* !USE_PAM */
-@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
- {
- const struct spwd *sp;
- struct spwd spent;
-+ char *cp;
-
- #ifndef USE_PAM
- void *crypt_arg = NULL;
-@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pwd, const char *password)
- } else {
- const char *salt = crypt_make_salt (crypt_method,
- crypt_arg);
-- spent.sp_pwdp = pw_encrypt (password, salt);
-+ cp = pw_encrypt (password, salt);
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
-+ spent.sp_pwdp = cp;
- }
- spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
- if (0 == spent.sp_lstchg) {
-@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pwd, const char *password)
- spent.sp_pwdp = (char *)password;
- } else {
- const char *salt = crypt_make_salt (crypt_method, crypt_arg);
-- spent.sp_pwdp = pw_encrypt (password, salt);
-+ cp = pw_encrypt (password, salt);
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
-+ spent.sp_pwdp = cp;
- }
- #else
- /*
-diff --git a/src/passwd.c b/src/passwd.c
-index ac90aa3..ae26666 100644
---- a/src/passwd.c
-+++ b/src/passwd.c
-@@ -242,6 +242,17 @@ static int new_password (const struct pa
- }
-
- cipher = pw_encrypt (clear, crypt_passwd);
-+ if (cipher == NULL) {
-+ strzero (clear);
-+ (void) fprintf (stderr,
-+ _("Failed to crypt password for %s.\n"),
-+ pw->pw_name);
-+ SYSLOG ((LOG_INFO,
-+ "failed to crypt password for %s",
-+ pw->pw_name));
-+ return -1;
-+ }
-+
- if (strcmp (cipher, crypt_passwd) != 0) {
- strzero (clear);
- strzero (cipher);
-@@ -349,6 +360,10 @@ static int new_password (const struct pa
- * Encrypt the password, then wipe the cleartext password.
- */
- cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
- memzero (pass, sizeof pass);
-
- #ifdef HAVE_LIBCRACK_HIST
---
-1.7.11.4
-
diff --git a/source/a/shadow/shadow.url b/source/a/shadow/shadow.url
index b18864a8..5e378411 100644
--- a/source/a/shadow/shadow.url
+++ b/source/a/shadow/shadow.url
@@ -1 +1 @@
-ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow
+http://pkg-shadow.alioth.debian.org/releases/