From owner-cvs-all@FreeBSD.ORG Mon Apr 4 13:12:14 2005 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8F0CF16A4CE; Mon, 4 Apr 2005 13:12:14 +0000 (GMT) Received: from bgo1smout1.broadpark.no (bgo1smout1.broadpark.no [217.13.4.94]) by mx1.FreeBSD.org (Postfix) with ESMTP id 349D043D1F; Mon, 4 Apr 2005 13:12:14 +0000 (GMT) (envelope-from des@des.no) Received: from bgo1sminn1.broadpark.no ([217.13.4.93]) by bgo1smout1.broadpark.no (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTP id <0IEF0002JB33Y6D0@bgo1smout1.broadpark.no>; Mon, 04 Apr 2005 15:06:39 +0200 (CEST) Received: from dsa.des.no ([80.203.228.37]) by bgo1sminn1.broadpark.no (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTP id <0IEF00DX9BEROUA0@bgo1sminn1.broadpark.no>; Mon, 04 Apr 2005 15:13:39 +0200 (CEST) Received: by dsa.des.no (Pony Express, from userid 666) id 99032EBDF4; Mon, 04 Apr 2005 15:12:12 +0200 (CEST) Received: from xps.des.no (xps.des.no [10.0.0.12]) by dsa.des.no (Pony Express) with ESMTP id 3ED4CC1021; Mon, 04 Apr 2005 15:12:09 +0200 (CEST) Received: by xps.des.no (Postfix, from userid 1001) id 2DB2433C5A; Mon, 04 Apr 2005 15:12:09 +0200 (CEST) Date: Mon, 04 Apr 2005 15:12:09 +0200 From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) In-reply-to: <200503271359.j2RDxiF9050487@repoman.freebsd.org> To: Jacques Vidrine Message-id: <86oecur8ie.fsf@xps.des.no> MIME-version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: quoted-printable X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on dsa.des.no References: <200503271359.j2RDxiF9050487@repoman.freebsd.org> User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (berkeley-unix) X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL autolearn=disabled version=3.0.2 X-Spam-Level: cc: cvs-src@FreeBSD.org cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/libexec/rexecd rexecd.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Apr 2005 13:12:14 -0000 Jacques Vidrine writes: > A separate bug was introduced at the same time. The PAM library > functions are called between the invocation of getpwnam(3) and the use > of the returned static object. Since many PAM library functions > result in additional getpwnam(3) calls, the contents of the returned > static object could be changed from under rexecd. With this commit, > getpwnam_r(3) is used instead. This is incorrect, because PAM may change the login name, so the struct passwd you got before calling PAM might not be the one you actually need. The simplest fix is to revert this patch and instead add pam_get_item(pamh, PAM_USER, &user); pwd =3D getpwnam(user); after the PAM transaction. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no