Package: libpam-devperm
Version: 1.5-2
Severity: normal
Tags: patch

Hello,

after logging out, libpam-devperm restores the device permissions in the same
order as they are when logging in. This leads to problems if the devices
listed in /etc/logindevperm are linked with each other.

Imagine the following line in /etc/logindevperm:

:0 0600 /dev/cdrom:/dev/cdrom0:/dev/cdrom1:/dev/cdrom2:/dev/cdrom3 

Then, if /dev/cdrom and /dev/cdrom0 are links to the same device, let's say
/dev/hdc, the following happens when user test logs in:

1. libpam-devperm acts on /dev/cdrom. This saves the old ownerships
   and permissions (probably root:cdrom and 660) of /dev/hdc and changes
   them to test:cdrom and 600.
2. libpam-devperm acts on /dev/cdrom0. This saves the ownerships and
   permissions that were set in step 1, test:cdrom and 600.

And when user test logs out:

3. libpam-devperm acts on /dev/cdrom. This restores the old ownerships
   and permissions of /dev/hdc, root:cdrom and 660.
4. libpam-devperm acts on /dev/cdrom0. This restores the ownerships and
   permissions of /dev/hdc that were saved in step 2, test:cdrom and 600.

So, after logging out the device /dev/hdc does not have the same permissions
and ownerships as before logging in. This problem can be avoided if the
saved values for permissions and ownerships are restored in reverse order.
In the example, step 3 would be executed after step 4, so that /dev/hdc
would get the correct settings.

The patch shown below can do the work.

Regards
  Christoph



--- pam-devperm-1.5.orig/src/restore_permissions.c
+++ pam-devperm-1.5/src/restore_permissions.c
@@ -47,6 +47,49 @@
 
 #include "common.h"
 
+struct devlist_t {
+       char *device;
+       int perm;
+       unsigned long int uid;
+       unsigned long int gid;
+       struct devlist_t *prev;
+       struct devlist_t *next;
+};
+
+struct devlist_t *devlist = NULL; 
+
+void insert(const char *device, int perm, unsigned long int uid, unsigned long 
int gid)
+{
+  struct devlist_t *temp;
+
+  temp = (struct devlist_t *) malloc(sizeof(struct devlist_t));
+  temp->device = strdup(device);
+  temp->perm = perm;
+  temp->uid  = uid;
+  temp->gid  = gid;
+  temp->next = NULL;
+  temp->prev = devlist;
+  
+  if (devlist != NULL)
+    devlist->next = temp;
+
+  devlist = temp;
+}    
+
+void delete(void)
+{
+  struct devlist_t *temp;
+  
+  temp = devlist;
+  
+  if (devlist != NULL)
+    {
+      devlist = devlist->prev;
+      free(temp->device);
+      free(temp);
+    }
+}
+
 int
 restore_permissions (const char *tty)
 {
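Review bot: insert() uses the results of malloc() and strdup() without checking them, so an allocation failure dereferences NULL at `temp->device = strdup(device);` or stores a NULL device name that later reaches login_protect(). This code runs at logout, so a failure here leaves the device with the user's ownership; check both results and give the caller an error it can act on. insert(), delete() and devlist should also be static, since they are generic names with external linkage in a PAM module. The `next` pointer is written but never read, so a singly linked stack using only `prev` is enough. The prototype of insert() is wrapped onto a second line that has no leading `+`, so the hunk will not apply as mailed.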
@@ -85,8 +128,15 @@
        continue;                           /* empty or comment */
       *cp++ = 0;
       sscanf(cp, "%o %lu %lu", &perm, &uid, &gid);
-      login_protect (device, perm, uid, gid, NULL);
+      insert(device,perm,uid,gid);
     }
+  
+  while (devlist != NULL)
+    {
+      login_protect (devlist->device, devlist->perm, devlist->uid, 
devlist->gid, NULL);
+      delete();
+    }
+
   fclose(fp);
   unlink (save_perms);
 
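Review bot: the new `while (devlist != NULL)` loop has no comment saying that walking the list from the tail is deliberate, which is the whole point of the change. Add a short comment that entries are restored in reverse of the saved order so that names resolving to the same device end up with the values saved first. The login_protect() call is wrapped after `devlist->uid,` and the continuation line has no leading `+`, so the hunk is corrupt as sent; send the patch as an attachment or keep the line short. `insert(device,perm,uid,gid);` should follow the spacing of the removed `login_protect (device, perm, uid, gid, NULL);`.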
  

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libpam-devperm depends on:
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries

libpam-devperm recommends no packages.

-- no debconf information
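The sequence in steps 1 to 4 of the report, as an added in-memory model (not code from pam-devperm or from the patch above). The struct and function names, uid 1000 for user test and gid 24 for group cdrom are assumptions made for the illustration; no real device is touched.

```c
/* Added illustration: models save-on-login and restore-on-logout for two
 * names that resolve to the same device node. */
#include <stdio.h>

struct node  { unsigned mode, uid, gid; };            /* the real device, e.g. /dev/hdc */
struct saved { struct node *dev; struct node old; };  /* one saved record per listed name */

#define NAMES 2  /* /dev/cdrom and /dev/cdrom0, both pointing at the same node */

/* Login: for each listed name, record the current state, then hand the device to the user. */
static void login_save(struct node *names[], struct saved log[], unsigned user_uid)
{
    for (int i = 0; i < NAMES; i++) {
        log[i].dev = names[i];
        log[i].old = *names[i];
        names[i]->mode = 0600;
        names[i]->uid  = user_uid;
    }
}

/* Logout: replay the records front-to-back (reverse = 0) or back-to-front (reverse = 1). */
static void logout_restore(struct saved log[], int reverse)
{
    for (int i = 0; i < NAMES; i++) {
        struct saved *s = &log[reverse ? NAMES - 1 - i : i];
        *s->dev = s->old;
    }
}

/* Run one login/logout cycle and return the final state of the device. */
struct node simulate(int reverse)
{
    struct node hdc = { 0660, 0, 24 };    /* constructed: root, gid 24 standing in for cdrom */
    struct node *names[NAMES] = { &hdc, &hdc };
    struct saved log[NAMES];

    login_save(names, log, 1000);         /* constructed: uid 1000 standing in for user test */
    logout_restore(log, reverse);
    return hdc;
}

int main(void)
{
    struct node a = simulate(0), b = simulate(1);
    printf("same order:    mode %o uid %u\n", a.mode, a.uid);
    printf("reverse order: mode %o uid %u\n", b.mode, b.uid);
    return 0;
}
```

Restoring in the same order leaves the node at mode 600 owned by the logged-out user, while the reverse order returns it to mode 660 owned by root.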


