Your message dated Sat, 26 Jul 2008 17:32:05 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#491907: fixed in shadow 1:4.1.1-3 has caused the Debian Bug report #491907, regarding passwd: patch needed for SE Linux support in vipw/vigr to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

-- 
491907: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491907
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---
Package: passwd
Version: 1:4.1.1-2
Severity: important

Currently vipw and vigr will set the wrong SE Linux security context on /etc/passwd and /etc/group respectively. The following patch fixes this:

--- /tmp/vipw.c 2008-07-22 20:15:12.000000000 +1000 +++ ./vipw.c 2008-07-22 20:38:20.000000000 +1000 @@ -42,6 +42,10 @@ #include "sgroupio.h" #include "shadowio.h" +#ifdef WITH_SELINUX +#include <selinux/selinux.h> +#endif + #define MSG_WARN_EDIT_OTHER_FILE _( \ "You have modified %s.\n"\ "You may need to modify %s for consistency.\n"\ @@ -167,6 +171,20 @@ if (access (file, F_OK)) vipwexit (file, 1, 1); +#ifdef WITH_SELINUX + /* if SE Linux is enabled then set the context of all new files + to be the context of the file we are editing */ + if (is_selinux_enabled()) { + security_context_t passwd_context=NULL; + int ret=0; + if (getfilecon(file,&passwd_context) < 0) + vipwexit (_("Couldn't get file context"), errno, 1); + ret = setfscreatecon(passwd_context); + freecon(passwd_context); + if (ret != 0) + vipwexit (_("setfscreatecon() failed"), errno, 1); + } +#endif if (!file_lock ()) vipwexit (_("Couldn't lock file"), errno, 5); filelocked = 1; @@ -236,6 +254,12 @@ progname, file, strerror (errno), fileedit); vipwexit (0, 0, 1); } +#ifdef WITH_SELINUX + /* unset the fscreatecon */ + if (is_selinux_enabled()) + if(setfscreatecon(NULL)) + vipwexit (_("setfscreatecon() failed"), errno, 1); +#endif (*file_unlock) (); }
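
Review bot: in the `@@ -167,6 +171,20 @@` hunk, `freecon(passwd_context)` runs between `setfscreatecon(passwd_context)` and the `errno` that is passed to `vipwexit`, so the value reported for a failed `setfscreatecon()` may have been overwritten by then; save `errno` right after the call and pass the saved value. The guard `if (is_selinux_enabled())` is also true for any non-zero return, including the -1 that the function returns on error, so `is_selinux_enabled () > 0` is the safer test. The spacing in `getfilecon(file,&passwd_context)` and `int ret=0` differs from the `access (file, F_OK)` style of the surrounding lines.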
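
Review bot: in the `@@ -236,6 +254,12 @@` hunk, the nested `if (is_selinux_enabled())` / `if(setfscreatecon(NULL))` pair has no braces and `if(` breaks the `if (` spacing used in the context lines; a single condition such as `if (is_selinux_enabled () > 0 && setfscreatecon (NULL) != 0)` reads more clearly and matches the guard suggested for the earlier hunk. The failure path calls `vipwexit` before `(*file_unlock) ()` is reached, so it is worth confirming that `vipwexit` releases the lock in that case, and a short comment saying so would help.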
--- End Message ---
--- Begin Message ---
Source: shadow
Source-Version: 1:4.1.1-3

We believe that the bug you reported is fixed in the latest version of shadow, which is due to be installed in the Debian FTP archive:

login_4.1.1-3_i386.deb
  to pool/main/s/shadow/login_4.1.1-3_i386.deb
passwd_4.1.1-3_i386.deb
  to pool/main/s/shadow/passwd_4.1.1-3_i386.deb
shadow_4.1.1-3.diff.gz
  to pool/main/s/shadow/shadow_4.1.1-3.diff.gz
shadow_4.1.1-3.dsc
  to pool/main/s/shadow/shadow_4.1.1-3.dsc

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas FRANCOIS (Nekral) <[EMAIL PROTECTED]> (supplier of updated shadow package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Sat, 26 Jul 2008 10:12:46 +0200
Source: shadow
Binary: passwd login
Architecture: source i386
Version: 1:4.1.1-3
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <[EMAIL PROTECTED]>
Changed-By: Nicolas FRANCOIS (Nekral) <[EMAIL PROTECTED]>
Description:
 login - system login tools
 passwd - change and administer password and group data
Closes: 412234 443322 482352 482823 488515 491907 492307 492410
Changes:
 shadow (1:4.1.1-3) unstable; urgency=low
 .
   * The "Morbier" release.
   * debian/patches/302_vim_selinux_support: Add SE Linux support to vipw/vigr. Thanks to Russell Coker. Closes: #491907
   * debian/patches/494_passwd_lock-no_account_lock: Restore the previous behavior of passwd -l (which changed in #389183): only lock the user's password, not the user's account. Also explicitly document the differences. This restores a behavior common with the previous versions of passwd and with other implementations. Closes: #492307
   * debian/patches/494_passwd_lock-no_account_lock: Add a reference to usermod(8) in passwd(1). Closes: #412234
   * debian/login.pam: Enforce a fail delay to avoid login brute-force. Closes: #443322
   * debian/login.pam: Indicate why the pam_securetty module is used as a requisite module and mention the possible drawbacks. Closes: #482352
   * debian/login.defs: Do not mention the libpam-umask package (the module is now provided by libpam-modules). Closes: #492410
   * debian/patches/200_Czech_binary_translation: Updated Czech translation. Thanks to Miroslav Kure. Closes: #482823
   * debian/securetty.linux: Add the PA-RISC mux ports (ttyB0, ttyB1). Closes: #488515
--- End Message ---

