diff -up Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix Linux-PAM-1.1.0/modules/pam_console/handlers.c
--- Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix 2009-11-02 08:45:24.000000000 +0100
+++ Linux-PAM-1.1.0/modules/pam_console/handlers.c 2009-11-02 08:50:19.000000000 +0100
@@ -172,13 +172,13 @@ call_exec(struct console_handler *handle
const char *flagptr;
const char **argv;
int i = 0;
- argv = malloc(sizeof(*argv)*nparams+2);
-
+ argv = malloc(sizeof(*argv)*(nparams+2));
+
if (argv == NULL)
return;
-
+
argv[i++] = handler->executable;
-
+
for (flagptr = handler->flags; *flagptr != '\0'; flagptr += strlen(flagptr)+1) {
switch (testflag(flagptr)) {
case HF_LOGFAIL:
@@ -231,7 +231,7 @@ execute_handler(pam_handle_t *pamh, stru
}
sighandler = signal(SIGCHLD, SIG_DFL);
-
+
child = fork();
switch (child) {
case -1:
@@ -246,30 +246,32 @@ execute_handler(pam_handle_t *pamh, stru
if (!wait_exit) {
switch(fork()) {
case 0:
- exit(0);
+ if(setsid() == -1) {
+ _exit(255);
+ }
+ break;
case -1:
- exit(255);
+ _exit(255);
default:
- if(setsid() == -1) {
- exit(255);
- }
+ _exit(0);
}
}
if (set_uid) {
struct passwd *pw;
pw = getpwnam(user);
if (pw == NULL)
- exit(255);
+ _exit(255);
if (setgid(pw->pw_gid) == -1 ||
+ setgroups(0, NULL) == -1 ||
setuid(pw->pw_uid) == -1)
- exit(255);
+ _exit(255);
}
call_exec(handler, nparams, user, tty);
- exit(255);
+ _exit(255);
default:
break;
}
-
+
waitpid(child, &rv, 0);
if (sighandler != SIG_ERR)