[crux-commits] ports/contrib (refs/remotes/origin/3.6): pam_xdg: undocumented PAM!! Need setegid(2) sometimes (boxed environments)

crux at crux.nu crux at crux.nu
Sat Apr 10 19:05:50 UTC 2021


commit ef1dad0afd199c9f88b14498bc8073a1c34cd037
Author: Steffen Nurpmeso <steffen at sdaoden.eu>
Date:   Mon Feb 22 01:10:55 2021 +0100

    pam_xdg: undocumented PAM!! Need setegid(2) sometimes (boxed environments)

diff --git a/pam_xdg/.md5sum b/pam_xdg/.md5sum
new file mode 100644
index 000000000..f1f334aef
--- /dev/null
+++ b/pam_xdg/.md5sum
@@ -0,0 +1,3 @@
+c9095bcca36ad19232016d2871e59546  makefile
+c8562d9eb117543c267e992a898ad617  pam_xdg.8
+09f7153e4300cf57d6a6a4bfe5fa0f3a  pam_xdg.c
diff --git a/pam_xdg/.signature b/pam_xdg/.signature
index 3cadea97b..1c5851ad2 100644
--- a/pam_xdg/.signature
+++ b/pam_xdg/.signature
@@ -1,7 +1,7 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF31kzD0aPl+YxQhbsVf3vfdKQeBygrUwAVkQb1AygkWUjgPxC9v7TeEO9NSzUtdlp6E3ckytyI5hYQ+CGcDYDkA0=
-SHA256 (Pkgfile) = a042a0a8a24333b837840971cf0e84591fa2893a1f9b8871b814ddc804cf505e
+RWSagIOpLGJF3wSopQt7TvcJLCKXnqY7+rEYaiXbcNkFqhjUOyafFSwoNvjHD/yU0MwPrRqfsDzZj4+X//VOhTm+XpBl8CXh4Ag=
+SHA256 (Pkgfile) = 4dff33d08e9f6699bffa06a6137c05c9bb446827b9ccde2b376f8aa8495306d1
 SHA256 (.footprint) = 56d789b652e6167f5fb93e1e6d48243e13f598c6d9a72705a8e54a003574ba31
-SHA256 (pam_xdg.c) = 38927fe6847b8e252eeba4d11a39335fa6b161bbde22162042062df12c2f759c
+SHA256 (pam_xdg.c) = 4e9215a0f695920f04e925f55fd221167b2f376a75cc2668f9d4842540ccdeed
 SHA256 (pam_xdg.8) = 2929bcd6655d28127d386215d3d8c4fed6744b65c4866ac7e49d54cb438d9133
 SHA256 (makefile) = 2466f499c3e84fd821176371fa9ff78143bf94b9ec09fd9e654b35613e4ead7d
diff --git a/pam_xdg/Pkgfile b/pam_xdg/Pkgfile
index ab5785e84..79694314a 100644
--- a/pam_xdg/Pkgfile
+++ b/pam_xdg/Pkgfile
@@ -3,7 +3,7 @@
 # Maintainer:  Steffen Nurpmeso, steffen at sdaoden dot eu
 
 name=pam_xdg
-version=20210208
+version=20210222
 release=1
 source=($name.c $name.8 makefile)
 
diff --git a/pam_xdg/pam_xdg.c b/pam_xdg/pam_xdg.c
index aa6bfd19b..4c121e93c 100644
--- a/pam_xdg/pam_xdg.c
+++ b/pam_xdg/pam_xdg.c
@@ -130,6 +130,9 @@ a_xdg(int isopen, pam_handle_t *pamh, int flags, int argc, const char **argv){
 
    /* We try create the base directory once as necessary */
    /*if(isopen)*/{
+      gid_t oegid;
+      mode_t oumask;
+
       res = 0;
       while(fstatat(cwdfd, a_RUNTIME_DIR_BASE, &st, AT_SYMLINK_NOFOLLOW
             ) == -1){
@@ -139,12 +142,19 @@ a_xdg(int isopen, pam_handle_t *pamh, int flags, int argc, const char **argv){
             goto jerr;
          }
 
+         oumask = umask(0000);
+         oegid = getegid();
+         setegid(0);
+
          if(mkdirat(cwdfd, a_RUNTIME_DIR_BASE, a_RUNTIME_DIR_BASE_MODE
                ) == -1 && errno != EEXIST){
             emsg = "cannot create base directory "
                   a_RUNTIME_DIR_OUTER "/" a_RUNTIME_DIR_BASE;
             goto jerr;
          }
+
+         setegid(oegid);
+         umask(oumask);
       }
       /* Not worth doing S_ISDIR(st.st_mode), O_DIRECTORY will bail next */
    }
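Review bot: The `goto jerr` in the `mkdirat` failure branch leaves the block before `setegid(oegid)` and `umask(oumask)` run, so unless the `jerr` label (outside this hunk) restores them, the process hosting the PAM module continues with effective gid 0 and umask 0000 after a failed create. The result of the restoring `setegid(oegid)` is also ignored; a failed restore should be reported as an error instead of returning silently with the raised group. The raising `setegid(0)` can reasonably stay best-effort, since `mkdirat` ran without it before this commit. I would restore on both paths and check the restore, as below; if `jerr` reports `errno`, it has to be saved across the restore calls. The enclosing function `a_xdg` starts and ends outside the hunk.

```c
/* … unchanged: umask(0000), getegid(), setegid(0), mkdirat() condition and emsg … */
            (void)setegid(oegid); /* do not leave via jerr with the raised group */
            umask(oumask);
            goto jerr;
         }

         umask(oumask);
         if(setegid(oegid) == -1){
            emsg = "cannot restore effective group id";
            goto jerr;
         }
```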

