mirror of
https://gitlab.com/mateslackbuilds/msb.git
synced 2024-12-25 21:59:36 +01:00
Update KNOWN ISSUES and Remove Shadow Patch
Now included in 14.1 and Current Signed-off-by: willysr <willysr@slackware-id.org>
This commit is contained in:
willysr
parent
a74af1ef1a
commit
1e72f8c47d
2 changed files with 0 additions and 63 deletions
|
|
@ -19,34 +19,6 @@ in testing/yelp.
|
|||
You also need to rebuild some packages, since by default, the SlackBuild script is configured
|
||||
to remove help files. You can remove the --without-help-dir line to produce help files.
|
||||
|
||||
Fri Feb 14 12:11:22 UTC 2014
|
||||
By default, gksu will not work in Slackware 14.1 since shadow has been patched
|
||||
to fix security vulnerabilities, but this caused gksu to be broken.
|
||||
See this thread on LQ for more information
|
||||
http://www.linuxquestions.org/questions/slackware-14/%5Bslackware-14-1%5D-su-c-tty-hijacking-and-some-breakage-4175486942/
|
||||
|
||||
The solution for this problem is easy, but since it's not yet applied upstream,
|
||||
we provided a simple fix from Mancha to fix this problem.
|
||||
|
||||
Download the shadow source from Slackware mirror site such as
|
||||
http://slackware.osuosl.org/slackware-14.1/source/a/shadow/
|
||||
or
|
||||
http://slackware.osuosl.org/slackware64-14.1/source/a/shadow/
|
||||
|
||||
and also a patch included in testing/shadow and put it on the same folder.
|
||||
Edit the shadow.SlackBuild and add this line
|
||||
patch -p1 --verbose < $CWD/shadow-4.1.5.1_CVE-2005-4890_relax.diff || exit 1
|
||||
|
||||
before configure line and rebuild shadow package.
|
||||
You can upgrade to the modified version by running:
|
||||
upgradepkg /tmp/shadow-4.1.5.1-i486-2.tgz
|
||||
or
|
||||
upgradepkg /tmp/shadow-4.1.5.1-x86_64-2.tgz
|
||||
|
||||
After upgrading to the modified version, gksu will work normally.
|
||||
|
||||
This patch will goes into Slackware 14.1 and Slackware-Current soon.
|
||||
|
||||
Mon Jun 10 03:09:28 UTC 2013
|
||||
If you are encountering problems with Caja (MATE's file manager) opening
|
||||
directories when clicking on files in certain programs like Dropbox, Skype,
|
||||
|
|
|
|||
|
|
@ -1,35 +0,0 @@
|
|||
From 0f6a809b7c4c9a8f4adb5b25808dd68000e17aa2 Mon Sep 17 00:00:00 2001
|
||||
From: mancha <mancha1@hush.com>
|
||||
Date: Wed, 04 Dec 2013
|
||||
Subject: restrict "su -c" only when callee is not root
|
||||
|
||||
Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
|
||||
(CVE-2005-4890) by detaching the controlling terminal.
|
||||
|
||||
Omni-directional protection is excessive and breaks commonly-used
|
||||
methods for privilege escalation. Breakage is particularly severe
|
||||
on non-PAM systems.
|
||||
|
||||
This patch relaxes the restriction and only detaches the controlling
|
||||
tty when the callee is not root. After all, we are not overly concerned
|
||||
with root injecting commands to non-privileged users.
|
||||
|
||||
---
|
||||
src/su.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/src/su.c
|
||||
+++ b/src/su.c
|
||||
@@ -1076,10 +1076,10 @@ int main (int argc, char **argv)
|
||||
|
||||
set_environment (pw);
|
||||
|
||||
- if (!doshell) {
|
||||
+ if (!doshell && pw->pw_uid != 0) {
|
||||
/* There is no need for a controlling terminal.
|
||||
* This avoids the callee to inject commands on
|
||||
- * the caller's tty. */
|
||||
+ * the caller's tty when the callee is not root. */
|
||||
int err = -1;
|
||||
|
||||
#ifdef USE_PAM
|
||||
Loading…
Reference in a new issue