Martin Pitt [2013-11-14 7:45 +0100]: > + } else { > + pam_syslog(handle, LOG_DEBUG, "Runtime dir %s is not owned > by the target uid %u, ignoring.", > + runtime_path, uid);
Sorry, LOG_DEBUG appears by default, this needs to be guarded with checking "debug". Fixed in updated patch. Martin -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
From 9a33dbf7cc906539df8b6e152374d15dbf8c7a99 Mon Sep 17 00:00:00 2001 From: Martin Pitt <martinp...@gnome.org> Date: Wed, 13 Nov 2013 13:02:28 +0100 Subject: [PATCH 1/2] pam: Check $XDG_RUNTIME_DIR owner http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html requires that $XDG_RUNTIME_DIR "MUST be owned by the user, and he MUST be the only one having read and write access to it.". Don't set an existing $XDG_RUNTIME_DIR in the PAM module if it isn't owned by the session user. Otherwise su sessions get a runtime dir from a different user which leads to either permission errors or scribbling over the other user's files. https://bugzilla.redhat.com/show_bug.cgi?id=753882 https://launchpad.net/bugs/1197395 --- src/login/pam-module.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/src/login/pam-module.c b/src/login/pam-module.c index 1975d80..4fd2212 100644 --- a/src/login/pam-module.c +++ b/src/login/pam-module.c @@ -194,6 +194,7 @@ _public_ PAM_EXTERN int pam_sm_open_session( uint32_t uid, pid, vtnr = 0; bool debug = false, remote; struct passwd *pw; + struct stat st; assert(handle); @@ -385,10 +386,24 @@ _public_ PAM_EXTERN int pam_sm_open_session( return r; } - r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0); - if (r != PAM_SUCCESS) { - pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); - return r; + /* only set $XDG_RUNTIME_DIR if it is owned by the target user, as per + * XDG basedir-spec; this avoids su sessions to scribble over a runtime + * dir of a different user */ + r = lstat(runtime_path, &st); + if (r != 0) { + pam_syslog(handle, LOG_ERR, "Failed to stat runtime dir: %s", strerror(errno)); + return PAM_SYSTEM_ERR; + } + + if (st.st_uid == uid) { + r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0); + if (r != PAM_SUCCESS) { + pam_syslog(handle, LOG_ERR, "Failed to set runtime dir."); + return r; + } + } else if (debug) { + pam_syslog(handle, LOG_DEBUG, "Runtime dir %s is not owned by the target uid %u, ignoring.", + runtime_path, uid); } if (!isempty(seat)) { -- 1.8.4.3
signature.asc
Description: Digital signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel