Your message dated Sun, 03 Aug 2008 10:17:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#492353: fixed in pam-devperm 1.6-1
has caused the Debian Bug report #492353,
regarding libpam-devperm: Restore device permissions in reverse order
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
492353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492353
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libpam-devperm
Version: 1.5-2
Severity: normal
Tags: patch

Hello,

after logging out, libpam-devperm restores the device permissions in the same
order as they are when logging in. This leads to problems if the devices
listed in /etc/logindevperm are linked with each other.

Imagine the following line in /etc/logindevperm:

:0 0600 /dev/cdrom:/dev/cdrom0:/dev/cdrom1:/dev/cdrom2:/dev/cdrom3 

Then, if /dev/cdrom and /dev/cdrom0 are links to the same device, let's say
/dev/hdc, the following happens when user test logs in:

1. libpam-devperm acts on /dev/cdrom. This saves the old ownerships
   and permissions (probably root:cdrom and 660) of /dev/hdc and changes
   them to test:cdrom and 600.
2. libpam-devperm acts on /dev/cdrom0. This saves the ownerships and
   permissions that were set in step 1, test:cdrom and 600.

And when user test logs out:

3. libpam-devperm acts on /dev/cdrom. This restores the old ownerships
   and permissions of /dev/hdc, root:cdrom and 660.
4. libpam-devperm acts on /dev/cdrom0. This restores the ownerships and
   permissions of /dev/hdc that were saved in step 2, test:cdrom and 600.

So, after logging out the device /dev/hdc does not have the same permissions
and ownerships as before logging in. This problem can be avoided if the
saved values for permissions and ownerships are restored in reverse order.
In the example, step 3 would be executed after step 4, so that /dev/hdc
would get the correct settings.

The patch shown below can do the work.

Regards
  Christoph



--- pam-devperm-1.5.orig/src/restore_permissions.c
+++ pam-devperm-1.5/src/restore_permissions.c
@@ -47,6 +47,49 @@
 
 #include "common.h"
 
+struct devlist_t {
+       char *device;
+       int perm;
+       unsigned long int uid;
+       unsigned long int gid;
+       struct devlist_t *prev;
+       struct devlist_t *next;
+};
+
+struct devlist_t *devlist = NULL; 
+
+void insert(const char *device, int perm, unsigned long int uid, unsigned long 
int gid)
+{
+  struct devlist_t *temp;
+
+  temp = (struct devlist_t *) malloc(sizeof(struct devlist_t));
+  temp->device = strdup(device);
+  temp->perm = perm;
+  temp->uid  = uid;
+  temp->gid  = gid;
+  temp->next = NULL;
+  temp->prev = devlist;
+  
+  if (devlist != NULL)
+    devlist->next = temp;
+
+  devlist = temp;
+}    
+
+void delete(void)
+{
+  struct devlist_t *temp;
+  
+  temp = devlist;
+  
+  if (devlist != NULL)
+    {
+      devlist = devlist->prev;
+      free(temp->device);
+      free(temp);
+    }
+}
+
 int
 restore_permissions (const char *tty)
 {
@@ -85,8 +128,15 @@
        continue;                           /* empty or comment */
       *cp++ = 0;
       sscanf(cp, "%o %lu %lu", &perm, &uid, &gid);
-      login_protect (device, perm, uid, gid, NULL);
+      insert(device,perm,uid,gid);
     }
+  
+  while (devlist != NULL)
+    {
+      login_protect (devlist->device, devlist->perm, devlist->uid, 
devlist->gid, NULL);
+      delete();
+    }
+
   fclose(fp);
   unlink (save_perms);
 
  

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libpam-devperm depends on:
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries

libpam-devperm recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: pam-devperm
Source-Version: 1.6-1

We believe that the bug you reported is fixed in the latest version of
pam-devperm, which is due to be installed in the Debian FTP archive:

libpam-devperm_1.6-1_i386.deb
  to pool/main/p/pam-devperm/libpam-devperm_1.6-1_i386.deb
pam-devperm_1.6-1.diff.gz
  to pool/main/p/pam-devperm/pam-devperm_1.6-1.diff.gz
pam-devperm_1.6-1.dsc
  to pool/main/p/pam-devperm/pam-devperm_1.6-1.dsc
pam-devperm_1.6.orig.tar.gz
  to pool/main/p/pam-devperm/pam-devperm_1.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <[EMAIL PROTECTED]> (supplier of updated pam-devperm 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun,  3 Aug 2008 12:00:19 +0200
Source: pam-devperm
Binary: libpam-devperm
Architecture: source i386
Version: 1.6-1
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[EMAIL PROTECTED]>
Changed-By: Petter Reinholdtsen <[EMAIL PROTECTED]>
Description: 
 libpam-devperm - PAM module to change device ownership on login
Closes: 472360 492348 492353
Changes: 
 pam-devperm (1.6-1) unstable; urgency=low
 .
   * QA upload.
   * Orphan package, set Debian QA Group <[EMAIL PROTECTED]> as
     the maintainer.  The current maintainer is no longer active.
   * New upstream version.
     - Drop patch to add -fPIC in configure, as this is done in
       src/Makefile.am in the new upstream version.
   * Move local changes to debian/patches and use quilt to apply them.
   * New patch segf-usermsg.diff to avoid crashing when no function
     pointer is available to pass messages back to the application
     (Closes: #492348:).
   * New patch reverse-restore.diff to restore permissions in the
     reverse order of the one used to set permissions, to avoid
     surprises with symlinked devices (Closes: #472360, #492353).
     Patch from Christoph Pleger.
   * Changed standards-version from 3.5.10 to 3.8.0.
Checksums-Sha1: 
 a201bbbb6ec1878decb7ed940aacd1e6222d22eb 996 pam-devperm_1.6-1.dsc
 041ed05cc67835e725e1a9382cc4af231eaaab66 102911 pam-devperm_1.6.orig.tar.gz
 e7bad9a27057f1a970023c87e5862a8bb651dede 7768 pam-devperm_1.6-1.diff.gz
 b79d28eb650e315f3f0f2d459cff05232da42d90 17164 libpam-devperm_1.6-1_i386.deb
Checksums-Sha256: 
 5ad4187659cdcc5bb6b48603db632f535ca2951b4f828656c0c4c93012694224 996 
pam-devperm_1.6-1.dsc
 e46d93c0ee4ba0a2f3837037865e4224d80e137175f0839583370162fb08ce04 102911 
pam-devperm_1.6.orig.tar.gz
 7859967b3137ecb0a5df6bd1fc750e3c448cb371230f540fdc40e118b90cd53b 7768 
pam-devperm_1.6-1.diff.gz
 865e3a69fae9be26e6129671e0ce4ae3178b5e9861ae2c9e7905daaacabce537 17164 
libpam-devperm_1.6-1_i386.deb
Files: 
 498ed2166985a3ee06db1fccaa29ee56 996 admin optional pam-devperm_1.6-1.dsc
 80fe767e2634af84f9b903798477a7e2 102911 admin optional 
pam-devperm_1.6.orig.tar.gz
 ecad1f65724c05affe02dab64b3e4db7 7768 admin optional pam-devperm_1.6-1.diff.gz
 45ec355b28d06ec804080f24b97260c6 17164 admin optional 
libpam-devperm_1.6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIlYJz20zMSyow1ykRAhWmAJ9zle8m7q8kXKhuQm5amu7zrfSlJgCfb56s
R5fQWFiQM+pBDDZhaQ++3TE=
=bevl
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to