- (djm) [session.c] call setexeccon() before executing passwd for pw

changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
author: Damien Miller <djm@mindrot.org> 2011-05-20 11:23:07 +1000
committer: Damien Miller <djm@mindrot.org> 2011-05-20 11:23:07 +1000
commit: 14684a1f84e2c8fc949ccff1a6dce10e9bf52ac2 (patch)
tree: 48aaa36819a2a656ac6aea9db4c8c0bfece75914
parent: 23f425b48b5c496a4a2f5289a491852e21a97623 (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index f735d03f..d898d818 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20110520
+ - (djm) [session.c] call setexeccon() before executing passwd for pw
+   changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
+
 20110515
  - (djm) OpenBSD CVS Sync
    - djm@cvs.openbsd.org 2011/05/05 05:12:08
diff --git a/session.c b/session.c
index fff31b02..6a704007 100644
--- a/session.c
+++ b/session.c
@@ -96,6 +96,10 @@
 #include <kafs.h>
 #endif
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+
 #define IS_INTERNAL_SFTP(c) \
 	(!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
 	 (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
@@ -1531,6 +1535,9 @@ do_pwchange(Session *s)
 	if (s->ttyfd != -1) {
 		fprintf(stderr,
 		    "You must change your password now and login again!\n");
+#ifdef WITH_SELINUX
+		setexeccon(NULL);
+#endif
 #ifdef PASSWD_NEEDS_USERNAME
 		execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
 		    (char *)NULL);
author	Damien Miller <djm@mindrot.org>	2011-05-20 11:23:07 +1000
committer	Damien Miller <djm@mindrot.org>	2011-05-20 11:23:07 +1000
commit	14684a1f84e2c8fc949ccff1a6dce10e9bf52ac2 (patch)
tree	48aaa36819a2a656ac6aea9db4c8c0bfece75914
parent	23f425b48b5c496a4a2f5289a491852e21a97623 (diff)