diff options
| author | Steffen Nurpmeso <steffen@sdaoden.eu> | 2021-02-22 01:10:55 +0100 |
|---|---|---|
| committer | Steffen Nurpmeso <steffen@sdaoden.eu> | 2021-02-22 01:13:42 +0100 |
| commit | ef1dad0afd199c9f88b14498bc8073a1c34cd037 (patch) | |
| tree | a7da344b2c8a3619601072bdb6a123229c88ae5d | |
| parent | 4fc5efa71d941d5bb3570302163916e017199c66 (diff) | |
| download | contrib-ef1dad0afd199c9f88b14498bc8073a1c34cd037.tar.gz contrib-ef1dad0afd199c9f88b14498bc8073a1c34cd037.tar.xz | |
pam_xdg: undocumented PAM!! Need setegid(2) sometimes (boxed environments)
| -rw-r--r-- | pam_xdg/.md5sum | 3 | ||||
| -rw-r--r-- | pam_xdg/.signature | 6 | ||||
| -rw-r--r-- | pam_xdg/Pkgfile | 2 | ||||
| -rw-r--r-- | pam_xdg/pam_xdg.c | 10 |
4 files changed, 17 insertions, 4 deletions
diff --git a/pam_xdg/.md5sum b/pam_xdg/.md5sum new file mode 100644 index 000000000..f1f334aef --- /dev/null +++ b/pam_xdg/.md5sum @@ -0,0 +1,3 @@ +c9095bcca36ad19232016d2871e59546 makefile +c8562d9eb117543c267e992a898ad617 pam_xdg.8 +09f7153e4300cf57d6a6a4bfe5fa0f3a pam_xdg.c diff --git a/pam_xdg/.signature b/pam_xdg/.signature index 3cadea97b..1c5851ad2 100644 --- a/pam_xdg/.signature +++ b/pam_xdg/.signature @@ -1,7 +1,7 @@ untrusted comment: verify with /etc/ports/contrib.pub -RWSagIOpLGJF31kzD0aPl+YxQhbsVf3vfdKQeBygrUwAVkQb1AygkWUjgPxC9v7TeEO9NSzUtdlp6E3ckytyI5hYQ+CGcDYDkA0= -SHA256 (Pkgfile) = a042a0a8a24333b837840971cf0e84591fa2893a1f9b8871b814ddc804cf505e +RWSagIOpLGJF3wSopQt7TvcJLCKXnqY7+rEYaiXbcNkFqhjUOyafFSwoNvjHD/yU0MwPrRqfsDzZj4+X//VOhTm+XpBl8CXh4Ag= +SHA256 (Pkgfile) = 4dff33d08e9f6699bffa06a6137c05c9bb446827b9ccde2b376f8aa8495306d1 SHA256 (.footprint) = 56d789b652e6167f5fb93e1e6d48243e13f598c6d9a72705a8e54a003574ba31 -SHA256 (pam_xdg.c) = 38927fe6847b8e252eeba4d11a39335fa6b161bbde22162042062df12c2f759c +SHA256 (pam_xdg.c) = 4e9215a0f695920f04e925f55fd221167b2f376a75cc2668f9d4842540ccdeed SHA256 (pam_xdg.8) = 2929bcd6655d28127d386215d3d8c4fed6744b65c4866ac7e49d54cb438d9133 SHA256 (makefile) = 2466f499c3e84fd821176371fa9ff78143bf94b9ec09fd9e654b35613e4ead7d diff --git a/pam_xdg/Pkgfile b/pam_xdg/Pkgfile index ab5785e84..79694314a 100644 --- a/pam_xdg/Pkgfile +++ b/pam_xdg/Pkgfile @@ -3,7 +3,7 @@ # Maintainer: Steffen Nurpmeso, steffen at sdaoden dot eu name=pam_xdg -version=20210208 +version=20210222 release=1 source=($name.c $name.8 makefile) diff --git a/pam_xdg/pam_xdg.c b/pam_xdg/pam_xdg.c index aa6bfd19b..4c121e93c 100644 --- a/pam_xdg/pam_xdg.c +++ b/pam_xdg/pam_xdg.c @@ -130,6 +130,9 @@ a_xdg(int isopen, pam_handle_t *pamh, int flags, int argc, const char **argv){ /* We try create the base directory once as necessary */ /*if(isopen)*/{ + gid_t oegid; + mode_t oumask; + res = 0; while(fstatat(cwdfd, a_RUNTIME_DIR_BASE, &st, AT_SYMLINK_NOFOLLOW ) == -1){ @@ -139,12 +142,19 @@ a_xdg(int isopen, pam_handle_t *pamh, int flags, int argc, const char **argv){ goto jerr; } + oumask = umask(0000); + oegid = getegid(); + setegid(0); + if(mkdirat(cwdfd, a_RUNTIME_DIR_BASE, a_RUNTIME_DIR_BASE_MODE ) == -1 && errno != EEXIST){ emsg = "cannot create base directory " a_RUNTIME_DIR_OUTER "/" a_RUNTIME_DIR_BASE; goto jerr; } + + setegid(oegid); + umask(oumask); } /* Not worth doing S_ISDIR(st.st_mode), O_DIRECTORY will bail next */ } |