* [PATCH 0/1] libpam: Fix for CVE-2010-4708
@ 2013-06-19 3:21 wenzong.fan
2013-06-19 3:21 ` [PATCH 1/1] " wenzong.fan
0 siblings, 1 reply; 2+ messages in thread
From: wenzong.fan @ 2013-06-19 3:21 UTC (permalink / raw)
To: openembedded-core
From: Wenzong Fan <wenzong.fan@windriver.com>
Change default for user_readenv to 0 and document the
new default for user_readenv.
This fix from:
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.c?r1=1.22&r2=1.23&view=patch
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.8.xml?r1=1.7&r2=1.8&view=patch
The following changes since commit 590010a6525b0e1bc1de73e794764e23404591df:
core-image-weston: add weston-examples to the image (2013-06-18 17:33:17 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib wenzong/libpam
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/libpam
Wenzong Fan (1):
libpam: Fix for CVE-2010-4708
.../pam/libpam/libpam-fix-for-CVE-2010-4708.patch | 41 ++++++++++++++++++++
meta/recipes-extended/pam/libpam_1.1.6.bb | 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-extended/pam/libpam/libpam-fix-for-CVE-2010-4708.patch
--
1.7.9.5
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH 1/1] libpam: Fix for CVE-2010-4708
2013-06-19 3:21 [PATCH 0/1] libpam: Fix for CVE-2010-4708 wenzong.fan
@ 2013-06-19 3:21 ` wenzong.fan
0 siblings, 0 replies; 2+ messages in thread
From: wenzong.fan @ 2013-06-19 3:21 UTC (permalink / raw)
To: openembedded-core
From: Wenzong Fan <wenzong.fan@windriver.com>
Change default for user_readenv to 0 and document the
new default for user_readenv.
This fix from:
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.c?r1=1.22&r2=1.23&view=patch
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.8.xml?r1=1.7&r2=1.8&view=patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
.../pam/libpam/libpam-fix-for-CVE-2010-4708.patch | 41 ++++++++++++++++++++
meta/recipes-extended/pam/libpam_1.1.6.bb | 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-extended/pam/libpam/libpam-fix-for-CVE-2010-4708.patch
diff --git a/meta/recipes-extended/pam/libpam/libpam-fix-for-CVE-2010-4708.patch b/meta/recipes-extended/pam/libpam/libpam-fix-for-CVE-2010-4708.patch
new file mode 100644
index 0000000..5d2b69a
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/libpam-fix-for-CVE-2010-4708.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Backport
+
+Fix for CVE-2010-4708
+
+Change default for user_readenv to 0 and document the
+new default for user_readenv.
+
+This fix is got from:
+http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
+/pam_env.c?r1=1.22&r2=1.23&view=patch
+http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
+/pam_env.8.xml?r1=1.7&r2=1.8&view=patch
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+
+---
+--- a/modules/pam_env/pam_env.c 2012-09-05 13:57:47.000000000 +0800
++++ b/modules/pam_env/pam_env.c 2012-09-05 13:58:05.000000000 +0800
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE 1
+
+ #define DEFAULT_USER_ENVFILE ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+
+ #include "config.h"
+
+--- a/modules/pam_env/pam_env.8.xml 2012-09-05 13:58:24.000000000 +0800
++++ b/modules/pam_env/pam_env.8.xml 2012-09-05 13:59:36.000000000 +0800
+@@ -147,7 +147,10 @@
+ <listitem>
+ <para>
+ Turns on or off the reading of the user specific environment
+- file. 0 is off, 1 is on. By default this option is on.
++ file. 0 is off, 1 is on. By default this option is off as user
++ supplied environment variables in the PAM environment could affect
++ behavior of subsequent modules in the stack without the consent
++ of the system administrator.
+ </para>
+ </listitem>
+ </varlistentry>
diff --git a/meta/recipes-extended/pam/libpam_1.1.6.bb b/meta/recipes-extended/pam/libpam_1.1.6.bb
index 73a8f88..94101d4 100644
--- a/meta/recipes-extended/pam/libpam_1.1.6.bb
+++ b/meta/recipes-extended/pam/libpam_1.1.6.bb
@@ -22,6 +22,7 @@ SRC_URI = "http://linux-pam.org/library/Linux-PAM-${PV}.tar.bz2 \
file://fixsepbuild.patch \
file://reflect-the-enforce_for_root-semantics-change-in-pam.patch \
file://add-checks-for-crypt-returning-NULL.patch \
+ file://libpam-fix-for-CVE-2010-4708.patch \
"
SRC_URI[md5sum] = "7b73e58b7ce79ffa321d408de06db2c4"
SRC_URI[sha256sum] = "bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2"
--
1.7.9.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-06-19 3:21 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-19 3:21 [PATCH 0/1] libpam: Fix for CVE-2010-4708 wenzong.fan
2013-06-19 3:21 ` [PATCH 1/1] " wenzong.fan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox