Mailinglist Archive: opensuse-bugs (4642 mails)

[Bug 629236] AUDIT-0: vlock - setgid needed
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 28 Sep 2010 08:40:39 +0000
  • Message-id: <20100928084039.5A77ACC7CE@xxxxxxxxxxxxxxxxxxxxxx>

https://bugzilla.novell.com/show_bug.cgi?id=629236

https://bugzilla.novell.com/show_bug.cgi?id=629236#c7


--- Comment #7 from Sebastian Krahmer <krahmer@xxxxxxxxxx> 2010-09-28 08:40:37 UTC ---
We already audited vlock and didn't want to make it suid.
Please see bnc#342924.

The 11.2 vlock build at least is also wrong with its plugins.
On x86_64, the binary looks in /usr/lib/vlock for plugins and scripts,
but they are located in /usr/lib64/vlock.
It is checking for / characters in pathnames, but I'd prefer
to disable execution of plugins and scripts.

Additionally, there's a small bug:


diff -rup vlock-2.2.2.orig//src/util.c vlock-2.2.2/src/util.c
--- vlock-2.2.2.orig//src/util.c 2008-05-18 05:10:54.000000000 -0400
+++ vlock-2.2.2/src/util.c 2010-09-28 11:53:39.079325879 -0400
@@ -51,11 +51,11 @@ struct timespec *parse_seconds(const cha

void fatal_error(const char *format, ...)
{
- char *error;
+ char *error = NULL;
va_list ap;
va_start(ap, format);
if (vasprintf(&error, format, ap) < 0)
- error = "error while formatting error message";
+ error = strdup("error while formatting error message");
va_end(ap);
fatal_error_free(error);
}
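
Review bot: On the vasprintf() failure branch, the new strdup() can itself return NULL, and that branch is most likely reached when memory is already short, so fatal_error_free() may now be called with a NULL message. Either check the strdup() result, or handle this branch without allocating at all by reporting the literal through a path that does not free it. Separately, the `= NULL` initializer is a sensible addition, since the contents of `error` are not defined after a failed vasprintf(), but it only helps if the callee tolerates NULL, which is not visible in this hunk.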

since fatal_error_free() would call free() on a string literal.

Why does vlock need suid/sgid? Isn't unix2_chkpwd exactly for that purpose?
