
pam-1.1.1-2mdv2010.1.src.rpm

diff -ur Linux-PAM-1.1.1.orig/modules/pam_xauth/pam_xauth.c Linux-PAM-1.1.1/modules/pam_xauth/pam_xauth.c
--- Linux-PAM-1.1.1.orig/modules/pam_xauth/pam_xauth.c	2009-11-04 13:04:53.000000000 +0100
+++ Linux-PAM-1.1.1/modules/pam_xauth/pam_xauth.c	2009-12-30 17:14:59.000000000 +0100
@@ -88,7 +88,7 @@
  * given input on stdin, and storing any output it generates. */
 static int
 run_coprocess(const char *input, char **output,
-	      uid_t uid, gid_t gid, const char *command, ...)
+	      uid_t uid, gid_t gid, const char *name, const char *command, ...)
 {
 	int ipipe[2], opipe[2], i;
 	char buf[LINE_MAX];
@@ -127,7 +127,11 @@
 		int maxopened;
 		/* Drop privileges. */
 		setgid(gid);
+               /* Mandrake Linux specific:
+                * we need to set the extra groups because in high security levels
+                * access to /usr/X11R6/bin dir is controlled by a group */
 		setgroups(0, NULL);
+                initgroups(name, gid);
 		setuid(uid);
 		/* Initialize the argument list. */
 		memset(args, 0, sizeof(args));
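Review bot: The added `initgroups(name, gid)` has its return value ignored, as do the `setgid`, `setgroups` and `setuid` calls around it, so a failure in any of them lets the child continue to `execv` with whatever privileges it still holds. This sequence exists to drop privileges before running an external helper, so a failed step should end the child: `if (setgid(gid) == -1 || setgroups(0, NULL) == -1 || initgroups(name, gid) == -1 || setuid(uid) == -1) _exit(1);`. If the module must also work when the calling process is unprivileged, where `setgroups` and `initgroups` fail with EPERM, that case needs an explicit decision rather than a silent pass. The added lines are indented with spaces while the surrounding code uses tabs. The child block starts and ends outside this hunk.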
@@ -154,6 +158,7 @@
 		}
 		/* Run the command. */
 		execv(command, args);
+		syslog(LOG_ERR, "pam_xauth: execvp of %s failed: %m", command);
 		/* Never reached. */
 		_exit(1);
 	}
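Review bot: The new log message names `execvp`, but the call directly above it is `execv`, which will mislead anyone searching the logs or the source for the failing call. I would write `syslog(LOG_ERR, "pam_xauth: execv of %s failed: %m", command);`. The `/* Never reached. */` comment now sits under a line that runs only when `execv` fails, so it should move above the `syslog` call or be reworded to `/* Only reached if execv failed. */`. Whether `<syslog.h>` is already included is not visible from this hunk.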
@@ -464,7 +469,7 @@
 			   (unsigned long) getuid(), (unsigned long) getgid());
 	}
 	if (run_coprocess(NULL, &cookie,
-			  getuid(), getgid(),
+			  getuid(), getgid(), rpwd->pw_name,
 			  xauth, "-f", cookiefile, "nlist", display,
 			  NULL) == 0) {
 		int save_errno;
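Review bot: This call takes the uid and gid from `getuid()`/`getgid()` but the name from `rpwd->pw_name`, so the supplementary groups that `initgroups` loads match the dropped-to uid only if `rpwd` is the passwd entry for `getuid()`. The lookup of `rpwd` is outside the hunk, so this could not be confirmed here. The next hunk (the `nlist` retry with `t`) has the same pairing, while the `tpwd` call site takes all three values from one entry. I would either pass `rpwd->pw_uid, rpwd->pw_gid, rpwd->pw_name` together or add a comment such as `/* rpwd is the entry for getuid(); initgroups() relies on that */`. It is also worth confirming that `rpwd` cannot be NULL at either call, since `run_coprocess` passes the name to `initgroups` without a check.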
@@ -522,7 +527,7 @@
 						       (unsigned long) getgid());
 					}
 					run_coprocess(NULL, &cookie,
-						      getuid(), getgid(),
+						      getuid(), getgid(), rpwd->pw_name,
 						      xauth, "-f", cookiefile,
 						      "nlist", t, NULL);
 				}
@@ -670,7 +675,7 @@
 				  (unsigned long) tpwd->pw_gid);
 		}
 		run_coprocess(cookie, &tmp,
-			      tpwd->pw_uid, tpwd->pw_gid,
+			      tpwd->pw_uid, tpwd->pw_gid, tpwd->pw_name,
 			      xauth, "-f", cookiefile, "nmerge", "-", NULL);
 
 		/* We don't need to keep a copy of these around any more. */