File util-linux-su-change-owner-and-mode-for-pty.patch of Package python-libmount.32955

From 17d5b264367debb745b678fcafacbaa938b29455 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 23 Feb 2021 11:52:45 +0100
Subject: [PATCH] su: (pty) change owner and mode for pty
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The current situation:

 # su --pty - kzak
 $ ll $(tty)
 crw--w---- 1 root tty 136, 9 Feb 23 11:53 /dev/pts/9
 $ mesg
 mesg: cannot open /dev/pts/9: Permission denied

the pseudo-terminal is still owned by the original user.

New version:

 # su --pty - kzak
 # ll $(tty)
 crw--w---- 1 kzak tty 136, 9 Feb 23 11:56 /dev/pts/9
 # mesg
 is y

The patch follows login(1) to change the pty owner and group. It
follows "TTYPERM" and "TTYGROUP" from login.defs (or econf lib).

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 include/pty-session.h   |  2 ++
 lib/pty-session.c       |  9 +++++++++
 login-utils/su-common.c | 26 ++++++++++++++++++++++++--
 3 files changed, 35 insertions(+), 2 deletions(-)

Index: util-linux-2.33.2/login-utils/su-common.c
===================================================================
--- util-linux-2.33.2.orig/login-utils/su-common.c
+++ util-linux-2.33.2/login-utils/su-common.c
@@ -34,6 +34,7 @@
 #endif
 #include <signal.h>
 #include <sys/wait.h>
+#include <sys/stat.h>
 #include <syslog.h>
 #include <utmpx.h>
 
@@ -82,7 +83,6 @@ UL_DEBUG_DEFINE_MASKNAMES(su) = UL_DEBUG
 #define DBG(m, x)       __UL_DBG(su, SU_DEBUG_, m, x)
 #define ON_DBG(m, x)    __UL_DBG_CALL(su, SU_DEBUG_, m, x)
 
-
 /* name of the pam configuration files. separate configs for su and su -  */
 #define PAM_SRVNAME_SU "su"
 #define PAM_SRVNAME_SU_L "su-l"
@@ -582,6 +582,36 @@ static void pty_proxy_master(struct su_c
 	su->pty_sigfd = -1;
 	DBG(PTY, ul_debug("poll() done [signal=%d, rc=%d]", caught_signal, rc));
 }
+
+/* Needed for chownmod_pty, backported from pty-session.c that does not exist yet. */
+static int pty_chownmod_slave(struct su_context *su, uid_t uid, gid_t gid, mode_t mode)
+{
+	if (fchown(su->pty_slave, uid, gid))
+		return -errno;
+	if (fchmod(su->pty_slave, mode))
+		return -errno;
+	return 0;
+}
+
+static void pty_chownmod(struct su_context *su)
+{
+	gid_t gid = su->pwd->pw_gid;
+	mode_t mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE);
+	const char *grname = getlogindefs_str("TTYGROUP", TTYGRPNAME);
+
+	if (grname && *grname) {
+		struct group *gr = getgrnam(grname);
+		if (gr)	/* group by name */
+			gid = gr->gr_gid;
+		else	/* group by ID */
+			gid = (gid_t) getlogindefs_num("TTYGROUP", gid);
+	}
+
+	if (pty_chownmod_slave(su,
+			       su->pwd->pw_uid,
+			       gid, mode))
+		warn(_("change owner or mode for pseudo-terminal failed"));
+}
 #endif /* USE_PTY */
 
 
@@ -824,7 +854,6 @@ static void parent_setup_signals(struct
 	}
 }
 
-
 static void create_watching_parent(struct su_context *su)
 {
 	int status;
@@ -1625,6 +1654,10 @@ int su_main(int argc, char **argv, int m
 	create_watching_parent(su);
 	/* Now we're in the child.  */
 
+#ifdef USE_PTY
+	if (su->pty)
+		pty_chownmod(su);
+#endif
 	change_identity(su->pwd);
 	if (!su->same_session || su->pty) {
 		DBG(MISC, ul_debug("call setsid()"));