mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-11 23:16:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

overlay coreos/user-patches: Drop unnecessary patch for sys-libs/libcap

Browse Source
This commit is contained in:
Krzesimir Nowak 2025-06-30 17:12:42 +02:00
parent 4263c5bdbd
commit c95b1353e1
2 changed files with 0 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-libs/libcap/0001-pam-cap-Fix-potential-configuration-parsing-error.patch vendored
View File

@ -1,32 +0,0 @@
From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Date: Mon, 17 Feb 2025 10:31:55 +0800
Subject: pam_cap: Fix potential configuration parsing error
The current configuration parsing does not actually skip user names
that do not start with @, but instead treats the name as a group
name for further parsing, which can result in matching unexpected
capability sets and may trigger potential security issues. Only
names starting with @ should be parsed as group names.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
pam_cap/pam_cap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index 24de329..3ec99bb 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -166,6 +166,7 @@ static char *read_capabilities_for_user(const char *user, const char *source)
if (line[0] != '@') {
D(("user [%s] is not [%s] - skipping", user, line));
+ continue;
}
int i;
--
cgit 1.2.3-korg

3
sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-libs/libcap/README.md vendored
View File

@ -1,3 +0,0 @@
The `0001-pam-cap-Fix-potential-configuration-parsing-error.patch`
patch addresses CVE-2025-1390. It can be dropped when updating to
2.74.