Yuqian Yang, le lun. 10 févr. 2025 17:46:31 +0800, a ecrit: > In that file, it tries to lower the fsuid (Linux-specific) to > constrain the privileges of the program and get back then. > As far as I can understand, this avoids changing euid but not > being able to get back.
I'm not sure I understand the patch. It seem so be trying to set the real uid, while setfsuid changes the fs uid, not the real uid. > I can't find a way to do that perfectly on Hurd, or in a portable way. I don't understand why the patch was not just setting the euid. Possibly it needs to keep the euid (e.g. 0) somehow to be able to get back to it. setresuid could be used instead, to save euid as suid to be able to get it back. Samuel > Svante's patch can pass the > tests. But the codes are not very elegant for its bad indents > and not checking the return value, which is complained by > compiler a lot. However, I don't have a better solution for this. > So please discuss how to handle this. > > These are the patches for pam codes. As for the debian packaging > problems, I'll send another mails about it. > > Thanks. > > Yuqian Yang (2): > (GNU/Hurd) add max length hack. > (GNU/Hurd) port Linux-specific api. > > examples/tty_conv.c | 7 ++-- > libpam/include/pam_hurd_max_stub.h | 11 +++++ > libpam/pam_modutil_priv.c | 40 +++++++++++++++++++ > modules/pam_debug/tst-pam_debug-retval.c | 1 + > modules/pam_deny/tst-pam_deny-retval.c | 1 + > modules/pam_echo/tst-pam_echo-retval.c | 1 + > .../pam_faildelay/tst-pam_faildelay-retval.c | 1 + > .../pam_localuser/tst-pam_localuser-retval.c | 1 + > .../pam_mkhomedir/tst-pam_mkhomedir-retval.c | 1 + > modules/pam_nologin/tst-pam_nologin-retval.c | 1 + > modules/pam_permit/tst-pam_permit-retval.c | 1 + > modules/pam_rootok/tst-pam_rootok-retval.c | 1 + > modules/pam_warn/tst-pam_warn-retval.c | 1 + > modules/pam_xauth/pam_xauth.c | 4 ++ > tests/tst-dlopen.c | 4 +- > 15 files changed, 69 insertions(+), 7 deletions(-) > create mode 100644 libpam/include/pam_hurd_max_stub.h > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029097#35 > > -- > Yuqian Yang <crup...@crupest.life> > -- Samuel <m> argh, pi est plus grand que 2. Ca casse tout -+- #ens-mim -+-
