Miroirs/msb
1
0
Fork 0
mirror of https://gitlab.com/mateslackbuilds/msb.git synced 2025-01-13 08:01:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update KNOWN ISSUES and Remove Shadow Patch

Browse source 
Now included in 14.1 and Current

Signed-off-by: willysr <willysr@slackware-id.org>
This commit is contained in:
willysr 2014-02-20 12:02:56 +07:00
parent a74af1ef1a
commit 1e72f8c47d
2 changed files with 0 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
KNOWN_ISSUES.TXT
View file

@ -19,34 +19,6 @@ in testing/yelp.
You also need to rebuild some packages, since by default, the SlackBuild script is configured You also need to rebuild some packages, since by default, the SlackBuild script is configured
to remove help files. You can remove the --without-help-dir line to produce help files. to remove help files. You can remove the --without-help-dir line to produce help files.
Fri Feb 14 12:11:22 UTC 2014
By default, gksu will not work in Slackware 14.1 since shadow has been patched
to fix security vulnerabilities, but this caused gksu to be broken.
See this thread on LQ for more information
http://www.linuxquestions.org/questions/slackware-14/%5Bslackware-14-1%5D-su-c-tty-hijacking-and-some-breakage-4175486942/
The solution for this problem is easy, but since it's not yet applied upstream,
we provided a simple fix from Mancha to fix this problem.
Download the shadow source from Slackware mirror site such as
http://slackware.osuosl.org/slackware-14.1/source/a/shadow/
or
http://slackware.osuosl.org/slackware64-14.1/source/a/shadow/
and also a patch included in testing/shadow and put it on the same folder.
Edit the shadow.SlackBuild and add this line
patch -p1 --verbose < $CWD/shadow-4.1.5.1_CVE-2005-4890_relax.diff || exit 1
before configure line and rebuild shadow package.
You can upgrade to the modified version by running:
upgradepkg /tmp/shadow-4.1.5.1-i486-2.tgz
or
upgradepkg /tmp/shadow-4.1.5.1-x86_64-2.tgz
After upgrading to the modified version, gksu will work normally.
This patch will goes into Slackware 14.1 and Slackware-Current soon.
Mon Jun 10 03:09:28 UTC 2013 Mon Jun 10 03:09:28 UTC 2013
If you are encountering problems with Caja (MATE's file manager) opening If you are encountering problems with Caja (MATE's file manager) opening
directories when clicking on files in certain programs like Dropbox, Skype, directories when clicking on files in certain programs like Dropbox, Skype,

35
testing/shadow/shadow-4.1.5.1_CVE-2005-4890_relax.diff
View file

@ -1,35 +0,0 @@
From 0f6a809b7c4c9a8f4adb5b25808dd68000e17aa2 Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Wed, 04 Dec 2013
Subject: restrict "su -c" only when callee is not root
Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
(CVE-2005-4890) by detaching the controlling terminal.
Omni-directional protection is excessive and breaks commonly-used
methods for privilege escalation. Breakage is particularly severe
on non-PAM systems.
This patch relaxes the restriction and only detaches the controlling
tty when the callee is not root. After all, we are not overly concerned
with root injecting commands to non-privileged users.
---
src/su.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/src/su.c
+++ b/src/su.c
@@ -1076,10 +1076,10 @@ int main (int argc, char **argv)
set_environment (pw);
- if (!doshell) {
+ if (!doshell && pw->pw_uid != 0) {
/* There is no need for a controlling terminal.
* This avoids the callee to inject commands on
- * the caller's tty. */
+ * the caller's tty when the callee is not root. */
int err = -1;
#ifdef USE_PAM