Import Debian changes 1:4.4-4.1
shadow (1:4.4-4.1) unstable; urgency=high
* Non-maintainer upload.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)
committed by
Balint Reczey
parent
f9176c3be3
commit
d8ee06fced
1
.gitignore
vendored
@@ -7,6 +7,7 @@ lib*.a
|
||||
.deps
|
||||
.libs
|
||||
|
||||
*.patch
|
||||
*.rej
|
||||
*.orig
|
||||
|
||||
|
||||
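Review bot: the `*.patch` pattern in this .gitignore hunk also matches debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch, which this same commit adds, so a new file under debian/patches/ is skipped by a plain `git add` and can be left out of an upload without any warning. Suggest following the pattern with a negation such as `!debian/patches/*.patch`, or restricting the ignore patterns to the places where stray `*.patch`, `*.rej` and `*.orig` files are actually produced.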
9
debian/changelog
vendored
@@ -1,3 +1,12 @@
|
||||
shadow (1:4.4-4.1) unstable; urgency=high
|
||||
|
||||
* Non-maintainer upload.
|
||||
* Reset pid_child only if waitpid was successful.
|
||||
This is a regression fix for CVE-2017-2616. If su receives a signal like
|
||||
SIGTERM, it is not propagated to the child. (Closes: #862806)
|
||||
|
||||
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 17 May 2017 13:59:59 +0200
|
||||
|
||||
shadow (1:4.4-4) unstable; urgency=high
|
||||
|
||||
* su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
|
||||
|
||||
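Review bot: in the new 1:4.4-4.1 entry, the sentence "If su receives a signal like SIGTERM, it is not propagated to the child" describes the regression but reads as the behaviour after this upload. Suggest phrasing it as what was broken, for example "Without this change a signal such as SIGTERM sent to su was not propagated to the child", and pointing at the 1:4.4-4 entry directly below, which carries the original CVE-2017-2616 fix, so readers of the changelog can tell which versions need the follow-up.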
29
debian/patches/301-Reset-pid_child-only-if-waitpid-was-successful.patch
vendored
Normal file
@@ -0,0 +1,29 @@
|
||||
From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
Date: Sun, 14 May 2017 17:58:10 +0200
|
||||
Subject: [PATCH] Reset pid_child only if waitpid was successful.
|
||||
|
||||
Do not reset the pid_child to 0 if the child process is still
|
||||
running. This else-condition can be reached with pid being -1,
|
||||
therefore explicitly test this condition.
|
||||
|
||||
This is a regression fix for CVE-2017-2616. If su receives a
|
||||
signal like SIGTERM, it is not propagated to the child.
|
||||
|
||||
Reported-by: Radu Duta <raduduta@gmail.com>
|
||||
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
---
|
||||
src/su.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/src/su.c
|
||||
+++ b/src/su.c
|
||||
@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
|
||||
/* wake child when resumed */
|
||||
kill (pid, SIGCONT);
|
||||
stop = false;
|
||||
- } else {
|
||||
+ } else if ( (pid_t)-1 != pid) {
|
||||
pid_child = 0;
|
||||
}
|
||||
} while (!stop);
|
||||
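Review bot: the new condition `} else if ( (pid_t)-1 != pid) {` in the src/su.c hunk has no comment, so the reason -1 is excluded (waitpid failed, the child may still be running, and pid_child is still needed to forward signals) lives only in the patch description. Suggest a one-line comment above the branch saying so. The test also treats every waitpid failure alike: it is worth checking in the surrounding code that a failure meaning the child is already gone cannot leave pid_child set to a PID that is later signalled, and that `stop` still gets set on that path so the `while (!stop)` loop terminates. Minor style point: the stray space in `( (pid_t)-1` does not match the spacing of the neighbouring lines.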
2
debian/patches/series
vendored
@@ -6,6 +6,8 @@
|
||||
0006-French-manpage-translation.patch
|
||||
0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
|
||||
0008-su-properly-clear-child-PID.patch
|
||||
301-Reset-pid_child-only-if-waitpid-was-successful.patch
|
||||
|
||||
# These patches are only for the testsuite:
|
||||
#900_testsuite_groupmems
|
||||
#901_testsuite_gcov
|
||||
|
||||