diff options
author | Damien Miller <djm@mindrot.org> | 2011-05-20 11:23:07 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2011-05-20 11:23:07 +1000 |
commit | 14684a1f84e2c8fc949ccff1a6dce10e9bf52ac2 (patch) | |
tree | 48aaa36819a2a656ac6aea9db4c8c0bfece75914 | |
parent | 23f425b48b5c496a4a2f5289a491852e21a97623 (diff) |
- (djm) [session.c] call setexeccon() before executing passwd for pw
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | session.c | 7 |
2 files changed, 11 insertions, 0 deletions
@@ -1,3 +1,7 @@ +20110520 + - (djm) [session.c] call setexeccon() before executing passwd for pw + changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ + 20110515 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2011/05/05 05:12:08 @@ -96,6 +96,10 @@ #include <kafs.h> #endif +#ifdef WITH_SELINUX +#include <selinux/selinux.h> +#endif + #define IS_INTERNAL_SFTP(c) \ (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ @@ -1531,6 +1535,9 @@ do_pwchange(Session *s) if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); +#ifdef WITH_SELINUX + setexeccon(NULL); +#endif #ifdef PASSWD_NEEDS_USERNAME execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, (char *)NULL); |