From nobody Mon Feb 26 18:35:31 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Tk8SQ06rFz5BwY9; Mon, 26 Feb 2024 18:35:34 +0000 (UTC) (envelope-from steffen@sdaoden.eu) Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Tk8SP3JmDz4qD9; Mon, 26 Feb 2024 18:35:33 +0000 (UTC) (envelope-from steffen@sdaoden.eu) Authentication-Results: mx1.freebsd.org; none Date: Mon, 26 Feb 2024 19:35:31 +0100 Author: Steffen Nurpmeso From: Steffen Nurpmeso To: Shawn Webb Cc: Emmanuel Vadot , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 6e69612d5df1 - main - pam: Add pam_xdg module Message-ID: <20240226183531.WAZIpBUq@steffen%sdaoden.eu> In-Reply-To: <2zwthawswhf5surxumjhhmvqpg6bauwl7ucog5kv3d33bej4ai@tpqxvtitsnt4> References: <202402261735.41QHZvL1027958@gitrepo.freebsd.org> <2zwthawswhf5surxumjhhmvqpg6bauwl7ucog5kv3d33bej4ai@tpqxvtitsnt4> Mail-Followup-To: Shawn Webb , Emmanuel Vadot , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org User-Agent: s-nail v14.9.24-601-g936bf2d4d8 OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs. X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15987, ipnet:217.144.128.0/20, country:DE] X-Rspamd-Queue-Id: 4Tk8SP3JmDz4qD9 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org Shawn Webb wrote in <2zwthawswhf5surxumjhhmvqpg6bauwl7ucog5kv3d33bej4ai@tpqxvtitsnt4>: ... |> + /* Setup the session count file */ |> + for (i = 0; i < XDG_MAX_SESSION; i++) { |> + asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i); | |If asprintf fails, xdg_session_file will be NULL. | |> + printf("Trying to open %s\n", xdg_session_file); |> + session_file = openat(rt_dir_prefix, xdg_session_file, \ |> O_CREAT | O_EXCL, RUNTIME_DIR_MODE); | |If xdg_session_file is NULL, there is a NULL pointer dereference |vulnerability in the above call to openat(2). | |> + free(xdg_session_file); |> + if (session_file >= 0) |> + break; | |Thanks, I want to point out again that unless process reaper is handled alongside, PAM sessions are a fragile thing that can be left as easily as "sleep 5 /dev/null 2>&1 &" in a shell. Unfortunately noone cares, but all go systemd, which does all of that. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)