Summary: nsswitch proxy module to prevent local account spoofing
Group: System Environment/Libraries
Name: nss_nonlocal
Version: 2.1
Release: 1
URL: http://debathena.mit.edu/nss_nonlocal/
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
License: LGPLv2+
Source: %{name}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires(pre): shadow-utils

%description
This nsswitch module acts as a proxy for other nsswitch modules like hesiod,
but prevents non-local users from potentially gaining local privileges by
spoofing local UIDs and GIDs.

%prep
%setup -q -n %{name}

# Wrap the dependency generator so the GLIBC_PRIVATE symbol version is not
# recorded as a package requirement.
cat >find_requires.sh <<EOF
#!/bin/sh
%{__find_requires} | grep -v GLIBC_PRIVATE
exit 0
EOF
chmod +x find_requires.sh
%define _use_internal_dependency_generator 0
%define __find_requires %{_builddir}/%{buildsubdir}/find_requires.sh

%build
autoreconf -i
# NSS modules are installed in /%{_lib}, not under %{_prefix}.
%configure --libdir=/%{_lib}
make

%install
# Quote the build root so an empty or space-containing value cannot break
# the test or change what rm -rf removes.
[ "$RPM_BUILD_ROOT" != / ] && rm -rf "$RPM_BUILD_ROOT"
make install DESTDIR="$RPM_BUILD_ROOT"

%clean
[ "$RPM_BUILD_ROOT" != / ] && rm -rf "$RPM_BUILD_ROOT"

%files
%defattr(-, root, root)
%doc README
/%{_lib}/libnss_nonlocal.so.*

%pre
# Create the magic user and the two system groups only if they are missing.
getent passwd nss-nonlocal-users >/dev/null || \
    useradd -r -g nobody -d / -s /sbin/nologin \
    -c 'Magic user for local group whitelist' nss-nonlocal-users
getent group nss-local-users >/dev/null || groupadd -r nss-local-users
getent group nss-nonlocal-users >/dev/null || groupadd -r nss-nonlocal-users
exit 0

%post
/sbin/ldconfig

%postun
/sbin/ldconfig

%changelog
* Thu Jun 13 2013 Anders Kaseorg <andersk@mit.edu> 2.1-1
- New upstream version.

* Tue Mar 29 2011 Anders Kaseorg <andersk@mit.edu> 2.0-1
- New upstream version.

* Sun May 2 2010 Anders Kaseorg <andersk@mit.edu> 1.11-1
- New upstream version.

* Fri Mar 12 2010 Mitchell Berger <mitchb@mit.edu> 1.9-1
- Per Fedora packaging guidelines, don't ever remove groups.
- Rebuild to ensure that the nss-nonlocal-users group is added, even if it was
  previously rejected by a buggy groupadd with an incorrect name length limit.

* Thu May 8 2008 Anders Kaseorg <andersk@mit.edu> 1.6-0
- Initial RPM release.