Hello community, here is the log from the commit of package ppp checked in at Sat Jun 3 00:59:38 CEST 2006. -------- --- ppp/ppp.changes 2006-01-27 02:20:21.000000000 +0100 +++ ppp/ppp.changes 2006-05-30 18:58:49.000000000 +0200 @@ -1,0 +2,5 @@ +Tue May 30 18:50:47 CEST 2006 - meissner@suse.de + +- check return code of setuid in winbind plugin. #179660 + +------------------------------------------------------------------- New: ---- ppp-2.4.3-winbind-setuidfix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ppp.spec ++++++ --- /var/tmp/diff_new_pack.TLXXW3/_old 2006-06-03 00:58:55.000000000 +0200 +++ /var/tmp/diff_new_pack.TLXXW3/_new 2006-06-03 00:58:55.000000000 +0200 @@ -5,7 +5,7 @@ # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # -# Please submit bugfixes or comments via http://bugs.opensuse.org +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild @@ -14,7 +14,7 @@ BuildRequires: libpcap linux-atm-devel pam-devel URL: http://www.samba.org/ppp/ Version: 2.4.3 -Release: 21 +Release: 33 License: LGPL, BSD Group: Productivity/Networking/PPP Autoreqprov: on @@ -65,6 +65,7 @@ Patch15: ppp-2.4.3-optflags.patch Patch16: ppp-2.4.3-no-strict-aliasing.patch Patch17: ppp-2.4.3-strip.diff +Patch18: ppp-2.4.3-winbind-setuidfix.patch %description The ppp package contains the PPP (Point-to-Point Protocol) daemon, @@ -125,6 +126,7 @@ %patch15 %patch16 %patch17 +%patch18 -p1 %build %if %suse_version > 1000 @@ -178,6 +180,8 @@ /usr/include/pppd %changelog -n ppp +* Tue May 30 2006 - meissner@suse.de +- check return code of setuid in winbind plugin. #179660 * Fri Jan 27 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Tue Jan 24 2006 - max@suse.de ++++++ ppp-2.4.3-winbind-setuidfix.patch ++++++ --- ppp-2.4.3/pppd/plugins/winbind.c.xx 2006-05-30 18:28:24.000000000 +0200 +++ ppp-2.4.3/pppd/plugins/winbind.c 2006-05-30 18:46:33.000000000 +0200 @@ -304,13 +304,21 @@ } if (forkret == 0) { + uid_t uid = getuid(); /* child process */ close(child_out[0]); close(child_in[1]); /* run winbind as the user that invoked pppd */ setgid(getgid()); - setuid(getuid()); + if (-1 == setuid(uid)) { + perror("pppd/winbind: could not setuid"); + exit(1); + } + if (getuid() != uid) { + perror("pppd/winbind: could not setuid to orig uid"); + exit(1); + } execl("/bin/sh", "sh", "-c", ntlm_auth, NULL); perror("pppd/winbind: could not exec /bin/sh"); exit(1); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit-help@opensuse.org