diff options
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | session.c | 7 |
2 files changed, 11 insertions, 0 deletions
@@ -1,3 +1,7 @@ | |||
1 | 20110520 | ||
2 | - (djm) [session.c] call setexeccon() before executing passwd for pw | ||
3 | changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ | ||
4 | |||
1 | 20110515 | 5 | 20110515 |
2 | - (djm) OpenBSD CVS Sync | 6 | - (djm) OpenBSD CVS Sync |
3 | - djm@cvs.openbsd.org 2011/05/05 05:12:08 | 7 | - djm@cvs.openbsd.org 2011/05/05 05:12:08 |
@@ -96,6 +96,10 @@ | |||
96 | #include <kafs.h> | 96 | #include <kafs.h> |
97 | #endif | 97 | #endif |
98 | 98 | ||
99 | #ifdef WITH_SELINUX | ||
100 | #include <selinux/selinux.h> | ||
101 | #endif | ||
102 | |||
99 | #define IS_INTERNAL_SFTP(c) \ | 103 | #define IS_INTERNAL_SFTP(c) \ |
100 | (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ | 104 | (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ |
101 | (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ | 105 | (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ |
@@ -1531,6 +1535,9 @@ do_pwchange(Session *s) | |||
1531 | if (s->ttyfd != -1) { | 1535 | if (s->ttyfd != -1) { |
1532 | fprintf(stderr, | 1536 | fprintf(stderr, |
1533 | "You must change your password now and login again!\n"); | 1537 | "You must change your password now and login again!\n"); |
1538 | #ifdef WITH_SELINUX | ||
1539 | setexeccon(NULL); | ||
1540 | #endif | ||
1534 | #ifdef PASSWD_NEEDS_USERNAME | 1541 | #ifdef PASSWD_NEEDS_USERNAME |
1535 | execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, | 1542 | execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, |
1536 | (char *)NULL); | 1543 | (char *)NULL); |