File su-wrapper-1.2.0.dif of Package su-wrapper
--- su-wrapper.conf.dist.orig
+++ su-wrapper.conf.dist
@@ -30,13 +30,13 @@
# is significant. so if you wann deny some special things,
# you have to put them under those lines which would allow them.
-* * lpd * root root /usr/sbin/lpd.real
-* * uucp-poll * root root /usr/bin/autopoll
-* * inet-up * root root /usr/bin/autonet on
-* * inet-down * root root /usr/bin/autonet off
-* * inet-poll * root root /usr/bin/autonet poll
-* * XServer * root root /usr/X11R6/bin/X
-marduk * rootshell * root root /bin/sh
+#* * lpd * root root /usr/sbin/lpd.real
+#* * uucp-poll * root root /usr/bin/autopoll
+#* * inet-up * root root /usr/bin/autonet on
+#* * inet-down * root root /usr/bin/autonet off
+#* * inet-poll * root root /usr/bin/autonet poll
+#* * XServer * root root /usr/X11R6/bin/X
+#marduk * rootshell * root root /bin/sh
# deny nobody everything, each call from nobody ends up in an empty command
nobody - * * - - -
--- src/Makefile.orig
+++ src/Makefile
@@ -1,7 +1,7 @@
CC = gcc
-CFLAGS = -D_GNU_SOURCE -O2 -pipe -Wall
+CFLAGS = -fpie -fPIE -D_GNU_SOURCE $(RPM_OPT_FLAGS) -pipe -Wall
#CFLAGS = -D_GNU_SOURCE -O -g -DDEBUG -Wall
-LDFLAGS = -Wl,-warn-common
+LDFLAGS = -pie -Wl,-warn-common -Wl,-z,relro,-z,now
all: su-wrapper
@@ -9,11 +9,11 @@ su-wrapper: su-wrapper.o
$(CC) $(LDFLAGS) su-wrapper.o -o su-wrapper
install: su-wrapper
- install -s -o root -g root -m 4711 su-wrapper /usr/sbin/
+ install su-wrapper $(DESTDIR)/usr/sbin/
clean:
rm -f su-wrapper su-wrapper.o
uninstall:
- rm -f /usr/sbin/su-wrapper
- mv /etc/su-wrapper.conf /etc/su-wrapper.conf.---
+ rm -f $(DESTDIR)/usr/sbin/su-wrapper
+ mv $(DESTDIR)/etc/su-wrapper.conf $(DESTDIR)/etc/su-wrapper.conf.---
--- src/su-wrapper.c.orig
+++ src/su-wrapper.c
@@ -134,7 +134,7 @@ static int cmdline_match (char * const m
while ((oslot = strsep(&l, ",:"))) {
if (!*oslot) /* empty slot means no slot */
continue;
- for (n = 0; n < max && argv[n]; n++) {
+ for (n = 0; n < (int)max && argv[n]; n++) {
if (!strcmp(oslot, argv[n]))
o[n]++;
}
@@ -142,7 +142,7 @@ static int cmdline_match (char * const m
/* -lf is not -fl and not -l -f or -f -l */
ret = 1;
- for (n = 0; n < max && argv[n]; n++)
+ for (n = 0; n < (int)max && argv[n]; n++)
if (!o[n])
ret = 0;
}
@@ -255,10 +255,10 @@ static void do_su (entry_t * entry)
if ((new_gid = lookup_gid(entry->run_group)) < 0)
error("no such group \"%s\"\n", entry->run_group);
- if ((new_pwd = lookup_pwd(entry->run_user)) < 0)
+ if ((new_pwd = lookup_pwd(entry->run_user)) == (char*)0)
error("no such user \"%s\"\n", entry->run_user);
- if ((new_shell = lookup_shell(entry->run_user)) < 0)
+ if ((new_shell = lookup_shell(entry->run_user)) == (char*)0)
error("no such user \"%s\"\n", entry->run_user);
if (verbose)
@@ -402,7 +402,7 @@ err:
size_t max = _POSIX_ARG_MAX - argc;
int n;
- for (n = 0; n < max && cmdline[n] ; n++)
+ for (n = 0; n < (int)max && cmdline[n] ; n++)
e->params[argc++] = cmdline[n];
}
e->params[argc] = NULL; /* last argument */