diff options
author | Steve Langasek <vorlon@debian.org> | 2008-07-27 01:26:23 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:28:18 -0800 |
commit | 9359f1c2804c265ace0b57ffef1761100a06c6cd (patch) | |
tree | 49c0c8b4640bb912fd9f4bf7bb7aa5e106b964c7 /debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch | |
parent | 34f77a041c55ea3734a7b59a21ab5b7fb5d43e2a (diff) |
New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an
upstream change that causes unix_chkpwd to assume that setuid(getuid())
is sufficient to drop permissions and attempt any authentication on
behalf of the user.
Diffstat (limited to 'debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch')
-rw-r--r-- | debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch new file mode 100644 index 00000000..ba36e8c8 --- /dev/null +++ b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch @@ -0,0 +1,28 @@ +Revert upstream change that causes unix_chkpwd to assume it's ok to +attempt authentication for any username as long as we call +setuid(getuid()) first. This is specifically *not* the case on Debian +and Ubuntu, where unix_chkpwd is setgid shadow instead of setuid root. + +Adding an additional setgid(getgid()) call may be enough to fix this, +but this needs further examination before pushing out such a change. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: Debian-specific, pending the above analysis + +Index: pam.deb/modules/pam_unix/unix_chkpwd.c +=================================================================== +--- pam.deb.orig/modules/pam_unix/unix_chkpwd.c ++++ pam.deb/modules/pam_unix/unix_chkpwd.c +@@ -101,10 +101,7 @@ + /* if the caller specifies the username, verify that user + matches it */ + if (strcmp(user, argv[1])) { +- user = argv[1]; +- /* no match -> permanently change to the real user and proceed */ +- if (setuid(getuid()) != 0) +- return PAM_AUTH_ERR; ++ return PAM_AUTH_ERR; + } + } + |