Your message dated Sun, 03 Aug 2008 10:17:05 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#492353: fixed in pam-devperm 1.6-1 has caused the Debian Bug report #492353, regarding libpam-devperm: Restore device permissions in reverse order to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 492353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492353 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: libpam-devperm Version: 1.5-2 Severity: normal Tags: patch Hello, after logging out, libpam-devperm restores the device permissions in the same order as they are when logging in. This leads to problems if the devices listed in /etc/logindevperm are linked with each other. Imagine the following line in /etc/logindevperm: :0 0600 /dev/cdrom:/dev/cdrom0:/dev/cdrom1:/dev/cdrom2:/dev/cdrom3 Then, if /dev/cdrom and /dev/cdrom0 are links to the same device, let's say /dev/hdc, the following happens when user test logs in: 1. libpam-devperm acts on /dev/cdrom. This saves the old ownerships and permissions (probably root:cdrom and 660) of /dev/hdc and changes them to test:cdrom and 600. 2. libpam-devperm acts on /dev/cdrom0. This saves the ownerships and permissions that were set in step 1, test:cdrom and 600. And when user test logs out: 3. libpam-devperm acts on /dev/cdrom. This restores the old ownerships and permissions of /dev/hdc, root:cdrom and 660. 4. libpam-devperm acts on /dev/cdrom0. This restores the ownerships and permissions of /dev/hdc that were saved in step 2, test:cdrom and 600. So, after logging out the device /dev/hdc does not have the same permissions and ownerships as before logging in. This problem can be avoided if the saved values for permissions and ownerships are restored in reverse order. In the example, step 3 would be executed after step 4, so that /dev/hdc would get the correct settings. The patch shown below can do the work. Regards Christoph --- pam-devperm-1.5.orig/src/restore_permissions.c +++ pam-devperm-1.5/src/restore_permissions.c @@ -47,6 +47,49 @@ #include "common.h" +struct devlist_t { + char *device; + int perm; + unsigned long int uid; + unsigned long int gid; + struct devlist_t *prev; + struct devlist_t *next; +}; + +struct devlist_t *devlist = NULL; + +void insert(const char *device, int perm, unsigned long int uid, unsigned long int gid) +{ + struct devlist_t *temp; + + temp = (struct devlist_t *) malloc(sizeof(struct devlist_t)); + temp->device = strdup(device); + temp->perm = perm; + temp->uid = uid; + temp->gid = gid; + temp->next = NULL; + temp->prev = devlist; + + if (devlist != NULL) + devlist->next = temp; + + devlist = temp; +} + +void delete(void) +{ + struct devlist_t *temp; + + temp = devlist; + + if (devlist != NULL) + { + devlist = devlist->prev; + free(temp->device); + free(temp); + } +} + int restore_permissions (const char *tty) { @@ -85,8 +128,15 @@ continue; /* empty or comment */ *cp++ = 0; sscanf(cp, "%o %lu %lu", &perm, &uid, &gid); - login_protect (device, perm, uid, gid, NULL); + insert(device,perm,uid,gid); } + + while (devlist != NULL) + { + login_protect (devlist->device, devlist->perm, devlist->uid, devlist->gid, NULL); + delete(); + } + fclose(fp); unlink (save_perms); -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages libpam-devperm depends on: ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries libpam-devperm recommends no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: pam-devperm Source-Version: 1.6-1 We believe that the bug you reported is fixed in the latest version of pam-devperm, which is due to be installed in the Debian FTP archive: libpam-devperm_1.6-1_i386.deb to pool/main/p/pam-devperm/libpam-devperm_1.6-1_i386.deb pam-devperm_1.6-1.diff.gz to pool/main/p/pam-devperm/pam-devperm_1.6-1.diff.gz pam-devperm_1.6-1.dsc to pool/main/p/pam-devperm/pam-devperm_1.6-1.dsc pam-devperm_1.6.orig.tar.gz to pool/main/p/pam-devperm/pam-devperm_1.6.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Petter Reinholdtsen <[EMAIL PROTECTED]> (supplier of updated pam-devperm package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 3 Aug 2008 12:00:19 +0200 Source: pam-devperm Binary: libpam-devperm Architecture: source i386 Version: 1.6-1 Distribution: unstable Urgency: low Maintainer: Debian QA Group <[EMAIL PROTECTED]> Changed-By: Petter Reinholdtsen <[EMAIL PROTECTED]> Description: libpam-devperm - PAM module to change device ownership on login Closes: 472360 492348 492353 Changes: pam-devperm (1.6-1) unstable; urgency=low . * QA upload. * Orphan package, set Debian QA Group <[EMAIL PROTECTED]> as the maintainer. The current maintainer is no longer active. * New upstream version. - Drop patch to add -fPIC in configure, as this is done in src/Makefile.am in the new upstream version. * Move local changes to debian/patches and use quilt to apply them. * New patch segf-usermsg.diff to avoid crashing when no function pointer is available to pass messages back to the application (Closes: #492348:). * New patch reverse-restore.diff to restore permissions in the reverse order of the one used to set permissions, to avoid surprises with symlinked devices (Closes: #472360, #492353). Patch from Christoph Pleger. * Changed standards-version from 3.5.10 to 3.8.0. Checksums-Sha1: a201bbbb6ec1878decb7ed940aacd1e6222d22eb 996 pam-devperm_1.6-1.dsc 041ed05cc67835e725e1a9382cc4af231eaaab66 102911 pam-devperm_1.6.orig.tar.gz e7bad9a27057f1a970023c87e5862a8bb651dede 7768 pam-devperm_1.6-1.diff.gz b79d28eb650e315f3f0f2d459cff05232da42d90 17164 libpam-devperm_1.6-1_i386.deb Checksums-Sha256: 5ad4187659cdcc5bb6b48603db632f535ca2951b4f828656c0c4c93012694224 996 pam-devperm_1.6-1.dsc e46d93c0ee4ba0a2f3837037865e4224d80e137175f0839583370162fb08ce04 102911 pam-devperm_1.6.orig.tar.gz 7859967b3137ecb0a5df6bd1fc750e3c448cb371230f540fdc40e118b90cd53b 7768 pam-devperm_1.6-1.diff.gz 865e3a69fae9be26e6129671e0ce4ae3178b5e9861ae2c9e7905daaacabce537 17164 libpam-devperm_1.6-1_i386.deb Files: 498ed2166985a3ee06db1fccaa29ee56 996 admin optional pam-devperm_1.6-1.dsc 80fe767e2634af84f9b903798477a7e2 102911 admin optional pam-devperm_1.6.orig.tar.gz ecad1f65724c05affe02dab64b3e4db7 7768 admin optional pam-devperm_1.6-1.diff.gz 45ec355b28d06ec804080f24b97260c6 17164 admin optional libpam-devperm_1.6-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIlYJz20zMSyow1ykRAhWmAJ9zle8m7q8kXKhuQm5amu7zrfSlJgCfb56s R5fQWFiQM+pBDDZhaQ++3TE= =bevl -----END PGP SIGNATURE-----
--- End Message ---

