author Karel Zak <kzak@redhat.com> 2022-02-10 12:03:17 +0100
committer Karel Zak <kzak@redhat.com> 2022-02-14 12:27:40 +0100
commit faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 (patch)
tree 530cfd0c317576d1b274cb8c65d1224bcd67b746 /login-utils/Makemodule.am
parent 43485143623b46f54ed3cac13f159566d32c3675 (diff)
chsh, chfn: remove readline support [CVE-2022-0563]
The readline library uses INPUTRC= environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file.

Unfortunately, the library does not use secure_getenv() (or a similar concept) to avoid vulnerabilities that could occur if set-user-ID or set-group-ID programs.

Reported-by: Rory Mackie <rory.mackie@trailofbits.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils/Makemodule.am')
-rw-r--r-- login-utils/Makemodule.am 2
1 files changed, 1 insertions, 1 deletions
diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
index 75c0a6756..2d0547a16 100644
--- a/login-utils/Makemodule.am
+++ b/login-utils/Makemodule.am
@@ -109,7 +109,7 @@ chfn_chsh_sources = \
login-utils/ch-common.c
chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS)
chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS)
-chfn_chsh_ldadd = libcommon.la $(READLINE_LIBS)
+chfn_chsh_ldadd = libcommon.la
if CHFN_CHSH_PASSWORD
chfn_chsh_ldadd += -lpam
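Review bot: the changed chfn_chsh_ldadd line drops $(READLINE_LIBS) but nothing in the makefile records why, so a later cleanup could add it back. These programs are built with $(SUID_CFLAGS) and $(SUID_LDFLAGS), so a one-line comment above chfn_chsh_ldadd saying that readline must not be linked here (it reads INPUTRC= without secure_getenv(), per the commit message) would make the constraint visible at the point where it can be broken. This view is limited to login-utils/Makemodule.am, so please also confirm that the chfn/chsh sources no longer call into readline; with the library gone from the link line, any remaining call would fail to link on builds where readline is enabled.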