Relevant BUGIDs: Red Hat bz 168180

Purpose of commit: bugfix Commit summary: --------------- 2005-10-26 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary), modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary), modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real uid to 0 before executing the helper if SELinux is enabled. * modules/pam_unix/unix_chkpwd.c (main): Disable user check only if real uid is 0 (CVE-2005-2977). Log failed password check attempt.
author: Tomas Mraz <tm@t8m.info> 2005-10-26 19:05:32 +0000
committer: Tomas Mraz <tm@t8m.info> 2005-10-26 19:05:32 +0000
commit: dba185605b1f9ce2d8d7e90b956abe9fa0487f24 (patch)
tree: f77ad7cda420c90dab1f795b4f459e2fd6c699e4 /NEWS
parent: d9b712775c5f1962d3490b43465537c3e28a8c49 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 2b829e3c..c31d57ee 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 Linux-PAM NEWS -- history of user-visible changes.
 
 * pam_xauth: Look for xauth executable in multiple places
+* pam_unix: Disable user check in unix_chkpwd only if real uid
+  is 0 (CVE-2005-2977). Log failed password check attempt.
 
 Release 0.99.1.0
author	Tomas Mraz <tm@t8m.info>	2005-10-26 19:05:32 +0000
committer	Tomas Mraz <tm@t8m.info>	2005-10-26 19:05:32 +0000
commit	dba185605b1f9ce2d8d7e90b956abe9fa0487f24 (patch)
tree	f77ad7cda420c90dab1f795b4f459e2fd6c699e4 /NEWS
parent	d9b712775c5f1962d3490b43465537c3e28a8c49 (diff)