17617070 sudo does not use pam_setcred correctly to set the audit context.
author April Chin <april.chin@oracle.com>
Tue, 22 Oct 2013 08:42:12 -0700
changeset 1518 4dc3f734af5e
parent 1517 a0e586ad53a2
child 1519 103ec9ec496f
components/sudo/patches/pam_setcred.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/sudo/patches/pam_setcred.patch	Tue Oct 22 08:42:12 2013 -0700
@@ -0,0 +1,17 @@
+# Fix for
+# 17617070 sudo does not use pam_setcred correctly to set the audit context
+diff -ru sudo-1.8.6p7-orig//plugins/sudoers/auth/pam.c sudo-1.8.6p7/plugins/sudoers/auth/pam.c
+--- sudo-1.8.6p7-orig//plugins/sudoers/auth/pam.c	Mon Feb 25 11:42:44 2013
++++ sudo-1.8.6p7/plugins/sudoers/auth/pam.c	Mon Oct 21 13:32:27 2013
+@@ -229,8 +229,10 @@
+      * for the setcred module.  Because we haven't called pam_authenticate(),
+      * this is not set and so pam_setcred() returns PAM_PERM_DENIED.
+      * We can't call pam_acct_mgmt() with Linux-PAM for a similar reason.
++     *
++     * Reinitialize credentials when changing a user. 
+      */
+-    (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
++    (void) pam_setcred(pamh, PAM_REINITIALIZE_CRED);
+ 
+ #ifdef HAVE_PAM_GETENVLIST
+     /*
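Review bot: The comment added above the changed call ("Reinitialize credentials when changing a user.") does not say why PAM_REINITIALIZE_CRED is needed in place of PAM_ESTABLISH_CRED. The patch header ties the change to setting the audit context, so that reason belongs in the code comment too, ideally with the bug number 17617070, so a later sudo rebase does not silently revert the flag. The return value is still discarded with the (void) cast. The surrounding comment explains that pam_setcred() can return PAM_PERM_DENIED when pam_authenticate() was not called, but now that this call is what establishes the audit context, a failure here means the command runs with the wrong audit attribution and nothing records it. Consider capturing the result and logging any value other than PAM_SUCCESS, even if execution continues. Minor: the added comment line carries trailing whitespace after "user."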