mirror of
https://git.yoctoproject.org/poky
synced 2026-03-09 16:59:40 +01:00
be7617de69
Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878 (From OE-Core rev: 142715b83fb2c5f4dfeeab2c6e7feccecd1ca46f) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
37 lines
1.3 KiB
Diff
37 lines
1.3 KiB
Diff
From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001
|
|
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
|
|
Date: Mon, 17 Feb 2025 10:31:55 +0800
|
|
Subject: pam_cap: Fix potential configuration parsing error
|
|
|
|
The current configuration parsing does not actually skip user names
|
|
that do not start with @, but instead treats the name as a group
|
|
name for further parsing, which can result in matching unexpected
|
|
capability sets and may trigger potential security issues. Only
|
|
names starting with @ should be parsed as group names.
|
|
|
|
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
|
|
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
|
|
|
|
Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878]
|
|
CVE: CVE-2025-1390
|
|
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
|
---
|
|
pam_cap/pam_cap.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
|
|
index 7e8cade..7b3d2d1 100644
|
|
--- a/pam_cap/pam_cap.c
|
|
+++ b/pam_cap/pam_cap.c
|
|
@@ -143,6 +143,7 @@ static char *read_capabilities_for_user(const char *user, const char *source)
|
|
|
|
if (line[0] != '@') {
|
|
D(("user [%s] is not [%s] - skipping", user, line));
|
|
+ continue;
|
|
}
|
|
|
|
int i;
|
|
--
|
|
2.25.1
|
|
|