Hello. Matthias Gerstner wrote in <zxdkuqteocmdb...@kasco.suse.de>: |On Tue, Oct 15, 2024 at 10:21:35PM +0200, Solar Designer wrote: |> On Tue, Oct 15, 2024 at 03:17:34PM -0400, Demi Marie Obenour wrote: ... |From 345ae06e0f698bdb1e9b4529e5a882f12df04426 Mon Sep 17 00:00:00 2001 |From: Matthias Gerstner <matthias.gerst...@suse.de> |Date: Wed, 16 Oct 2024 09:58:35 +0200 |Subject: [PATCH] usersfile: fix potential security issues in PAM module ... |+static int |+lock_usersfile (struct usersfile_ctx *ctx) |+{ |+ /* |+ * There exist three file locking APIs: |+ * |+ * - flock(): this would be the simplest API, but it doesn't properly \ |support |+ * network file systems like NFS, which then causes a transparent \ |fallback |+ * to fcntl() file locking. |+ * - fcntl using F_SETLCK & friends: this lock is not based on the \ |open file |+ * description and thus cannot be inherited to child processes, \ |which we |+ * need to do. |+ * - fcntl using F_OFD_SETLCK & friends: this is a Linux specific \ |lock that
It was added to and is part of POSIX.1-2024. |+ * _is_ based on the open file description. It seems like the \ |best bet for |+ * our scenario. ... --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
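Review bot: the comment in lock_usersfile() spells the fcntl commands as F_SETLCK and F_OFD_SETLCK, but the constants are F_SETLK and F_OFD_SETLK, so anyone searching the headers or man pages from this comment will not find them. The third bullet also describes the open file description lock as "a Linux specific lock", which the reply above says is out of date now that it is part of POSIX.1-2024; wording such as "originally Linux-specific, standardized in POSIX.1-2024" would keep the rationale accurate. The visible lines do not show what happens on a platform whose headers lack F_OFD_SETLK, so it would be worth stating in the same comment whether the build is expected to fail there or fall back to another lock type.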