diff options
| author | Steve Langasek <vorlon@debian.org> | 2008-07-25 17:02:00 -0700 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:01:53 -0800 |
| commit | bdb63761bcd55b3f01d653824c1f3990bbda45c0 (patch) | |
| tree | 74d9a525fa627b1f9472fdc7f31e6220e17cd01b /debian | |
| parent | ffe5367d73e3627e46df9f4843f92b7dde590a6c (diff) | |
The password-changing helper functionality for SELinux systems has been
split out into a separate unix_update binary, so at long last we can
change unix_chkpwd to be sgid shadow instead of suid root.
Closes: #155583.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 4 | ||||
| -rwxr-xr-x | debian/rules | 3 |
2 files changed, 6 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index c9e8f397..7678c615 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,10 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low pam_rhosts_auth introduced upstream in 0.99.9.0: we want to cast the result of inet_addr to int32_t, not the result of a boolean *comparison* on inet_addr's result... + * The password-changing helper functionality for SELinux systems has been + split out into a separate unix_update binary, so at long last we can + change unix_chkpwd to be sgid shadow instead of suid root. + Closes: #155583. * Use a pristine upstream tarball instead of repacking; requires various changes to debian/rules and debhelper files. * Replace the Vcs-Svn field with a Vcs-Bzr field; jumping ship from svn, diff --git a/debian/rules b/debian/rules index 89bff84f..ad9ccc9b 100755 --- a/debian/rules +++ b/debian/rules @@ -137,7 +137,8 @@ binary-arch: install dh_strip -a dh_compress -a dh_fixperms -a - chmod 04755 $(d)/libpam-modules/sbin/unix_chkpwd + chmod 02755 $(d)/libpam-modules/sbin/unix_chkpwd + chgrp shadow $(d)/libpam-modules/sbin/unix_chkpwd dh_makeshlibs -plibpam0g -V "libpam0g (>= 0.99.7.1)" dh_installdeb -a dh_shlibdeps -a -L libpam0g -l$(CURDIR)/debian/libpam0g/lib |