diff options
author | Clayton Craft <clayton@craftyguy.net> | 2020-09-06 15:31:03 -0700 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-09-07 02:34:09 +0000 |
commit | 0ed516feaee0403528c3ebc5829cf49e76f703a1 (patch) | |
tree | 56ac0a574863b6b9f97d6690d7825ea5ba380f6d | |
parent | a6e06d872cfff9d9e6bc28fb7981d5c5880cf94e (diff) |
main/linux-pam: avoid deadlock with opendir and fork/exec
This adds a patch to conditionally disable calling opendir in
pam_modutil_sanitize. Some applications (Phosh) run PAM with fork/exec
and end up deadlocking on this.
The upstream patch that changed this behavior between PAM 1.3.1 and
1.4.0 is here:
https://github.com/linux-pam/linux-pam/commit/1b087edc7f05237bf5eccc405704cd82b848e761
-rw-r--r-- | main/linux-pam/0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch | 34 | ||||
-rw-r--r-- | main/linux-pam/APKBUILD | 4 |
2 files changed, 37 insertions, 1 deletions
diff --git a/main/linux-pam/0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch b/main/linux-pam/0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch new file mode 100644 index 00000000000..d0de27b7e55 --- /dev/null +++ b/main/linux-pam/0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch @@ -0,0 +1,34 @@ +From fc3af2492a42eb042d6ae1ee816224f951a30c64 Mon Sep 17 00:00:00 2001 +From: Clayton Craft <clayton@craftyguy.net> +Date: Sun, 6 Sep 2020 15:23:43 -0700 +Subject: [PATCH] avoid opendir since it may be called during fork exec + +Some applications (e.g. Phosh) call PAM from a thread for async +unlocking, and opendir causes deadlocks. +--- + libpam/pam_modutil_sanitize.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libpam/pam_modutil_sanitize.c b/libpam/pam_modutil_sanitize.c +index 58b9537..fb58a72 100644 +--- a/libpam/pam_modutil_sanitize.c ++++ b/libpam/pam_modutil_sanitize.c +@@ -128,6 +128,7 @@ close_fds(void) + /* The lower limit is the same as for _POSIX_OPEN_MAX. */ + const unsigned int MIN_FD_NO = 20; + ++#if defined(__GLIBC__) + /* If /proc is mounted, we can optimize which fd can be closed. */ + if ((dir = opendir("/proc/self/fd")) != NULL) { + if ((dfd = dirfd(dir)) >= 0 && is_in_procfs(dfd) > 0) { +@@ -141,6 +142,7 @@ close_fds(void) + } + closedir(dir); + } ++#endif + + /* If /proc isn't available, fallback to the previous behavior. */ + if (dfd < 0) { +-- +2.28.0 + diff --git a/main/linux-pam/APKBUILD b/main/linux-pam/APKBUILD index ed5f1d79985..28c7f21245a 100644 --- a/main/linux-pam/APKBUILD +++ b/main/linux-pam/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Rasmus Thomsen <oss@cogitri.dev> pkgname=linux-pam pkgver=1.4.0 -pkgrel=0 +pkgrel=1 pkgdesc="Linux PAM (Pluggable Authentication Modules for Linux)" url="https://www.kernel.org/pub/linux/libs/pam" arch="all" @@ -16,6 +16,7 @@ source=" https://github.com/linux-pam/linux-pam/releases/download/v$pkgver/Linux-PAM-$pkgver.tar.xz c9593778a6133bf29eb2f47c24cc6d2f5d729fc8.patch 0adbaeb273da1d45213134aa271e95987103281c.patch + 0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch base-auth.pamd base-account.pamd @@ -75,6 +76,7 @@ package() { sha512sums="26eda95c45598a500bc142da4d1abf93d03b3bbb0f2390fa87c72dcbffa208dbfa115c0b411095c31ee9955e36422ccf3e2df3bd486818fafffef8c4310798c4 Linux-PAM-1.4.0.tar.xz 8a324d01d23e882a9aa5f35cb15c428d2056af24c289e7c831f68adcac9321385671a50db6702406b487dbfc71763ad8de4d41effb9da0b1133c9f2fdeba0251 c9593778a6133bf29eb2f47c24cc6d2f5d729fc8.patch 1c6859bead65eefbdce4de8672f4532ac358b271ff73aed973d3d02e9410d1312f2bec0d98cc2e3cda789a59481737a7466d9cb71562a027e13a0c53623aaa52 0adbaeb273da1d45213134aa271e95987103281c.patch +f5607691950082a72aeb6b74b5e2d7679641baeafc8f53e9173b2606489401f09f66e2e7bc9cc04088953be2a8a4baa4253e23e9c07cf9b3721079847ea34148 0001-avoid-opendir-since-it-may-be-called-during-fork-exe.patch ea6a10957ba9ec50d982bfabafb35060426ac797936f874097b4fa7620b89fd2ba3be9757401f9b787956fb23879d8ef73676f7703e75fcef3dca0b9559c4167 base-auth.pamd 85462201a4044c7e170e617d39b0eceb4790abc6c0504999117548030a16d80a9d2078d1ad97690d7d346e6374201f0c52e792ccb08ce2b1c4bbf0cc2be96f5b base-account.pamd da5d9a361abfc5b705e01a8da3a2e6de3ba394a0814307a65ec5b6c88ddae199d54b4d443204bf770f8daccb990777b68a5da716fb756932cf21f9046c839540 base-password.pamd |