debian: . patches

X Strike Force SVN Repository Admin Thu, 22 Jan 2004 09:43:30 -0600

Author: branden
Date: 2004-01-22 10:26:39 -0500 (Thu, 22 Jan 2004)
New Revision: 959


Added:
   
branches/4.1.0/woody/debian/patches/073_SECURITY_xdm_pam_setcred_error_handling.diff
Modified:
   branches/4.1.0/woody/debian/changelog
Log:
Patch xdm to call pam_strerror(), log the returned error, and exit the
StartClient() function with a zero exit status (failure) if pam_setcred()
returns a value other than PAM_SUCCESS.  (Resolves CAN-2003-0690.)


Modified: branches/4.1.0/woody/debian/changelog
===================================================================
--- branches/4.1.0/woody/debian/changelog       2004-01-22 01:58:23 UTC (rev 
958)
+++ branches/4.1.0/woody/debian/changelog       2004-01-22 15:26:39 UTC (rev 
959)
@@ -1,3 +1,18 @@
+xfree86 (4.1.0-16woody2) stable-security; urgency=high
+
+  * Security update release.  Resolves the following issue:
+    + CAN-2003-0690: xdm does not verify whether the pam_setcred function call
+      succeeds, which may allow attackers to gain root privileges by
+      triggering error conditions within PAM modules, as demonstrated in
+      certain configurations of the MIT pam_krb5 module.
+
+  * Patch xdm to call pam_strerror(), log the returned error, and exit the
+    StartClient() function with a zero exit status (failure) if pam_setcred()
+    returns a value other than PAM_SUCCESS.
+    - debian/patches/073_SECURITY_xdm_pam_setcred_error_handling.diff
+
+ -- Branden Robinson <[EMAIL PROTECTED]>  Wed, 21 Jan 2004 17:19:48 -0500
+
 xfree86 (4.1.0-16woody1) stable-security; urgency=high
 
   * Security update release.  Resolves the following issues:

Added: 
branches/4.1.0/woody/debian/patches/073_SECURITY_xdm_pam_setcred_error_handling.diff
===================================================================
--- 
branches/4.1.0/woody/debian/patches/073_SECURITY_xdm_pam_setcred_error_handling.diff
        2004-01-22 01:58:23 UTC (rev 958)
+++ 
branches/4.1.0/woody/debian/patches/073_SECURITY_xdm_pam_setcred_error_handling.diff
        2004-01-22 15:26:39 UTC (rev 959)
@@ -0,0 +1,33 @@
+$Id$
+
+xc/programs/xdm/session.c @ 3.36
+  Handle errors from pam_setcred(), reporting them with pam_strerror().
+  (Matthieu Herrb, Branden Robinson)
+
+--- xc/programs/xdm/session.c.orig     2004-01-21 17:07:49.000000000 -0500
++++ xc/programs/xdm/session.c  2004-01-21 17:09:21.000000000 -0500
+@@ -531,8 +531,9 @@
+ #ifdef HAS_SETUSERCONTEXT
+     struct passwd* pwd;
+ #endif
+-#ifdef USE_PAM 
++#ifdef USE_PAM
+     pam_handle_t *pamh = thepamh();
++    int       pam_error;
+ #endif
+ 
+     if (verify->argv) {
+@@ -595,7 +596,12 @@
+ #endif   /* QNX4 doesn't support multi-groups, no initgroups() */
+ #ifdef USE_PAM
+       if (thepamh()) {
+-          pam_setcred(thepamh(), PAM_ESTABLISH_CRED);
++          pam_error = pam_setcred (pamh, PAM_ESTABLISH_CRED);
++          if (pam_error != PAM_SUCCESS) {
++              LogError ("pam_setcred for \"%s\" failed: %s\n",
++                       name, pam_strerror(pamh, pam_error));
++              return(0);
++          }
+       }
+ #endif
+       if (setuid(verify->uid) < 0)


Property changes on: 
branches/4.1.0/woody/debian/patches/073_SECURITY_xdm_pam_setcred_error_handling.diff
___________________________________________________________________
Name: svn:keywords
   + Id

X Strike Force XFree86 SVN commit: rev 959 - in branches/4.1.0/woody/debian: . patches

Reply via email to