Re: git: 6e69612d5df1 - main - pam: Add pam_xdg module
- In reply to: Shawn Webb : "Re: git: 6e69612d5df1 - main - pam: Add pam_xdg module"
Date: Mon, 26 Feb 2024 18:35:31 UTC
Shawn Webb wrote in <2zwthawswhf5surxumjhhmvqpg6bauwl7ucog5kv3d33bej4ai@tpqxvtitsnt4>:
...
|> + /* Setup the session count file */
|> + for (i = 0; i < XDG_MAX_SESSION; i++) {
|> + asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i);
|
|If asprintf fails, xdg_session_file will be NULL.
|
|> + printf("Trying to open %s\n", xdg_session_file);
|> + session_file = openat(rt_dir_prefix, xdg_session_file, \
|> O_CREAT | O_EXCL, RUNTIME_DIR_MODE);
|
|If xdg_session_file is NULL, there is a NULL pointer dereference
|vulnerability in the above call to openat(2).
|
|> + free(xdg_session_file);
|> + if (session_file >= 0)
|> + break;
|
|Thanks,

I want to point out again that unless process reaper is handled alongside, PAM sessions are a fragile thing that can be left as easily as "sleep 5 </dev/null >/dev/null 2>&1 &" in a shell. Unfortunately no one cares, but all go systemd, which does all of that.

--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
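Review bot: the return value of asprintf() inside the XDG_MAX_SESSION loop is never checked, so on allocation failure xdg_session_file reaches both printf("%s") and openat() without holding a valid string. Test for `asprintf(...) < 0` and leave the loop with an error before either call. The `printf("Trying to open %s\n", ...)` line reads like leftover debugging output and would write to the stdout of whichever program loaded the module; drop it or send it through the module's logging. The loop also treats every negative return from openat() as "slot taken" and moves on to the next index; checking errno for EEXIST and stopping on anything else would avoid walking all XDG_MAX_SESSION slots when the failure has a different cause.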