mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Thorsten Kukuk (kukuk@suse.de) pointed out a couple problems with

Browse Source 
pam_apparmor and here's a patch to address most of them--

 * header comment was incorrect
 * use pam_get_user() instead of pam_get_item()
 * return an error if we're unable to change to the DEFAULT hat

In addition, this has a fix to make sure that the magic token we read
from /dev/urandom is not null (which would cause the hat probing to fail 
if we need to fall back to the DEFAULT hat).
This commit is contained in:
Jesse Michael 2006-09-14 12:44:01 +00:00
parent 16ede09541
commit 4f4a56859e
1 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
changehat/pam_apparmor/pam_apparmor.c
View File

@ -1,12 +1,13 @@
/* pam_apparmor module */ /* pam_apparmor module */
/* /*
* Modified for pam_motd by Ben Collins <bcollins@debian.org>
*
* Based off of:
* $Id$ * $Id$
* *
* Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24 * Written by Jesse Michael <jmichael@suse.de> 2006/08/24
*
* Based off of pam_motd by:
* Ben Collins <bcollins@debian.org> 2005/10/04
* Michael K. Johnson <johnsonm@redhat.com> 1996/10/24
* *
*/ */
@ -20,6 +21,7 @@
#include <pwd.h> #include <pwd.h>
#include <security/_pam_macros.h> #include <security/_pam_macros.h>
/* /*
* here, we make a definition for the externally accessible function * here, we make a definition for the externally accessible function
* in this file (this definition is required for static a module * in this file (this definition is required for static a module
@ -44,13 +46,13 @@ PAM_EXTERN
int pam_sm_open_session(pam_handle_t *pamh, int flags, int pam_sm_open_session(pam_handle_t *pamh, int flags,
int argc, const char **argv) int argc, const char **argv)
{ {
int fd, retval = PAM_IGNORE; int fd, retval;
unsigned int magic_token = 0xDEADC0ED; unsigned int magic_token;
const void *user; const char *user;
/* grab the target user name */ /* grab the target user name */
retval = pam_get_item(pamh, PAM_USER, &user); retval = pam_get_user(pamh, &user, NULL);
if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0') { if (retval != PAM_SUCCESS || user == NULL || *user == '\0') {
return PAM_USER_UNKNOWN; return PAM_USER_UNKNOWN;
} }
@ -58,7 +60,15 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
if (fd < 0) { if (fd < 0) {
return PAM_PERM_DENIED; return PAM_PERM_DENIED;
} }
retval = read(fd, (void *) &magic_token, sizeof(magic_token));
/* the magic token needs to be non-zero otherwise, we won't be able to
probe for hats */
do {
retval = read(fd, (void *) &magic_token, sizeof(magic_token));
if (retval < 0) {
return PAM_PERM_DENIED;
}
} while (magic_token == 0);
close(fd); close(fd);
@ -74,11 +84,13 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
/* failed to change into default hat, so we'll /* failed to change into default hat, so we'll
jump back out */ jump back out */
retval = change_hat(NULL, magic_token); retval = change_hat(NULL, magic_token);
return PAM_PERM_DENIED;
} }
} }
} }
/* zero out the magic token so we can't get back out */ /* zero out the magic token so an attacker wouldn't be able to just grab
it out of process memory and instead would need to brute force it */
memset(&magic_token, 0, sizeof(magic_token)); memset(&magic_token, 0, sizeof(magic_token));
return PAM_SUCCESS; return PAM_SUCCESS;