Re: git: 6e69612d5df1 - main - pam: Add pam_xdg module

From: Steffen Nurpmeso <steffen_at_sdaoden.eu>
Date: Mon, 26 Feb 2024 18:35:31 UTC
Shawn Webb wrote in
 <2zwthawswhf5surxumjhhmvqpg6bauwl7ucog5kv3d33bej4ai@tpqxvtitsnt4>:
 ...
 |> +   /* Setup the session count file */
 |> +   for (i = 0; i < XDG_MAX_SESSION; i++) {
 |> +           asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i);
 |
 |If asprintf fails, xdg_session_file will be NULL.
 |
 |> +           printf("Trying to open %s\n", xdg_session_file);
 |> +           session_file = openat(rt_dir_prefix, xdg_session_file, \
 |> O_CREAT | O_EXCL, RUNTIME_DIR_MODE);
 |
 |If xdg_session_file is NULL, there is a NULL pointer dereference
 |vulnerability in the above call to openat(2).
 |
 |> +           free(xdg_session_file);
 |> +           if (session_file >= 0)
 |> +                   break;
 |
 |Thanks,

I want to point out again that unless process reaper is handled
alongside, PAM sessions are a fragile thing that can be left as
easily as "sleep 5 </dev/null >/dev/null 2>&1 &" in a shell.
Unfortunately noone cares, but all go systemd, which does all of
that.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)