authorSteve Langasek <vorlon@debian.org>2009-08-26 09:30:35 -0700
committerSteve Langasek <vorlon@debian.org>2019-01-08 21:25:58 -0800
commitc16e3322975dd3ced7817602e88be8b4557e5c6e (patch)
tree5563ab4d5053dd70f204f54da3b4f633a992dea3
parent0479c1803d02189638765f99cece21fd1ecc0e5a (diff)
debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch
to call setregid() instead of always returning an error on username mismatch in unix_chkpwd, needed in the SELinux case and in some corner cases with the broken_shadow option. Thanks to Michael Spang for the analysis. Closes: #543589.
-rw-r--r--debian/changelog10
-rw-r--r--debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch27
2 files changed, 22 insertions, 15 deletions
diff --git a/debian/changelog b/debian/changelog
index 60f3e5cb..a7aeffc5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+pam (1.1.0-2) UNRELEASED; urgency=low
+
+ * debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch
+ to call setregid() instead of always returning an error on username
+ mismatch in unix_chkpwd, needed in the SELinux case and in some corner
+ cases with the broken_shadow option. Thanks to Michael Spang for the
+ analysis. Closes: #543589.
+
+ -- Steve Langasek <vorlon@debian.org> Wed, 26 Aug 2009 09:23:57 -0700
+
pam (1.1.0-1) unstable; urgency=low
* New upstream version.
diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
index ba36e8c8..80334841 100644
--- a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
+++ b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
@@ -1,28 +1,25 @@
-Revert upstream change that causes unix_chkpwd to assume it's ok to
-attempt authentication for any username as long as we call
-setuid(getuid()) first. This is specifically *not* the case on Debian
-and Ubuntu, where unix_chkpwd is setgid shadow instead of setuid root.
+Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd
+helper could be sgid shadow instead of suid root, as it is in Debian and
+Ubuntu by default. Drop any sgid bits as well.
-Adding an additional setgid(getgid()) call may be enough to fix this,
-but this needs further examination before pushing out such a change.
+Authors: Steve Langasek <vorlon@debian.org>,
+ Michael Spang <mspang@csclub.uwaterloo.ca>
-Authors: Steve Langasek <vorlon@debian.org>
-
-Upstream status: Debian-specific, pending the above analysis
+Upstream status: to be submitted
Index: pam.deb/modules/pam_unix/unix_chkpwd.c
===================================================================
--- pam.deb.orig/modules/pam_unix/unix_chkpwd.c
+++ pam.deb/modules/pam_unix/unix_chkpwd.c
-@@ -101,10 +101,7 @@
+@@ -137,9 +137,10 @@
/* if the caller specifies the username, verify that user
matches it */
if (strcmp(user, argv[1])) {
-- user = argv[1];
-- /* no match -> permanently change to the real user and proceed */
++ gid_t gid = getgid();
+ user = argv[1];
+ /* no match -> permanently change to the real user and proceed */
- if (setuid(getuid()) != 0)
-- return PAM_AUTH_ERR;
-+ return PAM_AUTH_ERR;
++ if (setregid(gid, gid) != 0 || setuid(getuid()) != 0)
+ return PAM_AUTH_ERR;
}
}
-
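Review bot: The comment kept above the new `setregid(gid, gid)` call in the embedded unix_chkpwd.c hunk still says only "permanently change to the real user", so nothing in the code records that the group is dropped too, or why setregid() is used rather than setgid(getgid()). For an unprivileged sgid process, setgid() on Linux changes only the effective group ID and leaves the saved set-group-ID (shadow on Debian and Ubuntu, per the patch header) available to switch back to, whereas setregid() with the real ID supplied also resets the saved ID under POSIX semantics. I would reword the comment to `/* no match -> permanently drop to the real gid and uid (setregid() also resets the saved gid) and proceed */`, so a later cleanup does not simplify the call back to setgid(). The enclosing function starts and ends outside the embedded hunk, so what the helper does with `user` after the drop cannot be checked from here.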