wok view pam/stuff/CVE-2024-22365.patch @ rev 25649

Patch pam CVE-2024-22365
author Stanislas Leduc <shann@slitaz.org>
date Fri Feb 02 19:36:21 2024 +0100 (3 months ago)
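diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 2528cff86..f72d67189 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -1201,7 +1201,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir,
 int dfd = AT_FDCWD;
 int dfd_next;
 int save_errno;
- int flags = O_RDONLY;
+ int flags = O_RDONLY | O_DIRECTORY;
 int rv = -1;
 struct stat st;
 
@@ -1255,22 +1255,6 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir,
 rv = openat(dfd, dir, flags);
 }
 
- if (rv != -1) {
- if (fstat(rv, &st) != 0) {
- save_errno = errno;
- close(rv);
- rv = -1;
- errno = save_errno;
- goto error;
- }
- if (!S_ISDIR(st.st_mode)) {
- close(rv);
- errno = ENOTDIR;
- rv = -1;
- goto error;
- }
- }
-
 if (flags & O_NOFOLLOW) {
 /* we are inside user-owned dir - protect */
 if (protect_mount(rv, p, idata) == -1) {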
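Review bot: In the last hunk nothing on the new side checks `rv` between the `openat(dfd, dir, flags)` at its top and the `protect_mount(rv, p, idata)` call. The removed block sent a non-directory to `goto error`; with `O_DIRECTORY` in `flags` the same case now makes `openat` return -1 and, when `O_NOFOLLOW` is set, falls through to `protect_mount` with a descriptor of -1, and whether that helper tolerates -1 or preserves `errno` is not visible here. An explicit `if (rv == -1) goto error;` after the closing brace would keep the failure path obvious. The initializer in the first hunk also deserves a comment, for example `/* O_DIRECTORY: reject non-directories at open time; a post-open fstat() check is too late if open() itself can block */`, so the flag is not dropped in a later cleanup. The body of protect_dir starts and ends outside both hunks.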