From patchwork Tue Sep 20 20:09:50 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: rennes@openmailbox.org X-Patchwork-Id: 15814 Received: (qmail 45163 invoked by uid 89); 20 Sep 2016 20:10:33 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99.2 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-4.8 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.2 spammy=setfsuid, gid, setfsgid, 14, 7 X-Spam-Status: No, score=-4.8 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: lists.gnu.org Received: from lists.gnu.org (HELO lists.gnu.org) (208.118.235.17) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 20 Sep 2016 20:10:23 +0000 Received: from localhost ([::1]:37810 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bmRMz-0000kl-5c for patchwork@sourceware.org; Tue, 20 Sep 2016 16:10:21 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35491) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bmRMr-0000i1-R0 for guix-devel@gnu.org; Tue, 20 Sep 2016 16:10:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bmRMn-00017n-A8 for guix-devel@gnu.org; Tue, 20 Sep 2016 16:10:12 -0400 Received: from smtp22.openmailbox.org ([62.4.1.56]:57509 helo=smtp7.openmailbox.org) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bmRMn-00015e-1q for guix-devel@gnu.org; Tue, 20 Sep 2016 16:10:09 -0400 Received: by mail.openmailbox.org (Postfix, from userid 20002) id 42AC3202B27; Tue, 20 Sep 2016 22:10:07 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1474402207; bh=KjC35/FUMoJYs5mvhj5QXHz3tGP7wOavgjXp4zgsS38=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=MoB5MhPaRXmBFUAs+NdpnQ0dQ0bzUoJQy8gOqLy2myajD4AoXK4oGUH3cfiV7ukUc FODVUVEtqWBqMGK00CITEJ6z8wTwsulpBtGYEocbElVSRZP0SRo8nGEoGoBCjyIBf9 Aw85FSm8hu/CGJxWojoGKi+/8ww9+XvCWmbdrYh4= Message-ID: <1474402190.32171.3.camel@openmailbox.org> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1474402202; bh=KjC35/FUMoJYs5mvhj5QXHz3tGP7wOavgjXp4zgsS38=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=kAzQtbVwEMu57BarlsEz9ZXwkvgkVh/K+G4Gvi9zw4brBoN3EcoirgX0YY0MiN7Qm wVd6+cY/r0BajwddoH+tzPGmKpdW+5/hUv3APro2dhGSVCX45eXreqZMJ4IyyvRb3a 8xoB9e+G8yCXhSmPM1umLD/b3p7ax5ZL32MxwWQQ= Subject: Re: [PATCH] gnu: Add linux-pam. From: rennes To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Tue, 20 Sep 2016 15:09:50 -0500 In-Reply-To: <8760pr8em0.fsf@gnu.org> References: <877facdhw4.fsf@gnu.org> <1473972371.1629.2.camel@openmailbox.org> <8760pr8em0.fsf@gnu.org> X-Mailer: Evolution 3.20.1 Mime-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 62.4.1.56 X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+patchwork=sourceware.org@gnu.org Sender: "Guix-devel" Hello, > Then I think we can install the patch (in core-updates), making sure > it > contains a reference to the above ticket. > > Could you send the updated patch? attached the updated patch. From b4753711aabcefa410b2eb4ced9d25e084bb7658 Mon Sep 17 00:00:00 2001 From: Rene Saavedra Date: Tue, 20 Sep 2016 14:59:20 -0500 Subject: [PATCH] gnu: Add linux-pam. * gnu/packages/linux.scm (linux-pam): Use it. * gnu/packages/patches/linux-pam-no-setfsuid.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 2 + gnu/packages/linux.scm | 7 ++- gnu/packages/patches/linux-pam-no-setfsuid.patch | 75 ++++++++++++++++++++++++ 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/linux-pam-no-setfsuid.patch diff --git a/gnu/local.mk b/gnu/local.mk index a756638..f0415f6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -5,6 +5,7 @@ # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver # Copyright © 2016 Chris Marusich # Copyright © 2016 Kei Kebreau +# Copyright © 2016 Rene Saavedra # # This file is part of GNU Guix. # @@ -658,6 +659,7 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ + %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ %D%/packages/patches/llvm-for-extempore.patch \ %D%/packages/patches/lm-sensors-hwmon-attrs.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 5e9263e..e5dbc42 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -15,6 +15,7 @@ ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 David Craven ;;; Copyright © 2016 John Darrington +;;; Copyright © 2016 Rene Saavedra ;;; ;;; This file is part of GNU Guix. ;;; @@ -371,7 +372,11 @@ It has been modified to remove all non-free binary blobs.") version ".tar.bz2"))) (sha256 (base32 - "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl")))) + "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl")) + ;; On the Hurd system in the 'build' phase seeks fsuid.h file. + ;; See the patch for details. + (patches (search-patches + "linux-pam-no-setfsuid.patch")))) (build-system gnu-build-system) (native-inputs `(("flex" ,flex) diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch new file mode 100644 index 0000000..c14721d --- /dev/null +++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch @@ -0,0 +1,75 @@ +On systems without setfsuid(), use setreuid() instead. + +The patch originates from the Debian project for the Hurd system. +Authors: Steve Langasek +Upstream status: A ticket was opened to request apply the patch, +ticket: 'https://fedorahosted.org/linux-pam/ticket/64'. + +--- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c 2015-03-24 06:02:32.000000000 -0600 ++++ pam_modutil_priv-mod.c 2016-09-20 13:36:53.150663205 -0500 +@@ -14,7 +14,9 @@ + #include + #include + #include ++#ifdef HAVE_SYS_FSUID_H + #include ++#endif /* HAVE_SYS_FSUID_H */ + + /* + * Two setfsuid() calls in a row are necessary to check +@@ -22,17 +24,55 @@ + */ + static int change_uid(uid_t uid, uid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + uid_t tmp = setfsuid(uid); + if (save) + *save = tmp; + return (uid_t) setfsuid(uid) == uid ? 0 : -1; ++#else ++ uid_t euid = geteuid(); ++ uid_t ruid = getuid(); ++ if (save) ++ *save = ruid; ++ if (ruid == uid && uid != 0) ++ if (setreuid(euid, uid)) ++ return -1; ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) ++ return -1; ++ } ++ } ++#endif + } + static int change_gid(gid_t gid, gid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + gid_t tmp = setfsgid(gid); + if (save) + *save = tmp; + return (gid_t) setfsgid(gid) == gid ? 0 : -1; ++#else ++ gid_t egid = getegid(); ++ gid_t rgid = getgid(); ++ if (save) ++ *save = rgid; ++ if (rgid == gid) ++ if (setregid(egid, gid)) ++ return -1; ++ else { ++ setregid(0, -1); ++ if (setregid(-1, gid)) { ++ setregid(-1, 0); ++ setregid(0, -1); ++ if (setregid(-1, gid)) ++ return -1; ++ } ++ } ++#endif + } + + static int cleanup(struct pam_modutil_privs *p) -- 2.6.3