diff options
| author | Steve Langasek <vorlon@debian.org> | 2009-08-26 09:30:35 -0700 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 21:25:58 -0800 |
| commit | c16e3322975dd3ced7817602e88be8b4557e5c6e (patch) | |
| tree | 5563ab4d5053dd70f204f54da3b4f633a992dea3 /debian | |
| parent | 0479c1803d02189638765f99cece21fd1ecc0e5a (diff) | |
debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch
to call setregid() instead of always returning an error on username
mismatch in unix_chkpwd, needed in the SELinux case and in some corner
cases with the broken_shadow option. Thanks to Michael Spang for the
analysis. Closes: #543589.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 10 | ||||
| -rw-r--r-- | debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch | 27 |
2 files changed, 22 insertions, 15 deletions
diff --git a/debian/changelog b/debian/changelog index 60f3e5cb..a7aeffc5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +pam (1.1.0-2) UNRELEASED; urgency=low + + * debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch + to call setregid() instead of always returning an error on username + mismatch in unix_chkpwd, needed in the SELinux case and in some corner + cases with the broken_shadow option. Thanks to Michael Spang for the + analysis. Closes: #543589. + + -- Steve Langasek <vorlon@debian.org> Wed, 26 Aug 2009 09:23:57 -0700 + pam (1.1.0-1) unstable; urgency=low * New upstream version. diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch index ba36e8c8..80334841 100644 --- a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch +++ b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch @@ -1,28 +1,25 @@ -Revert upstream change that causes unix_chkpwd to assume it's ok to -attempt authentication for any username as long as we call -setuid(getuid()) first. This is specifically *not* the case on Debian -and Ubuntu, where unix_chkpwd is setgid shadow instead of setuid root. +Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd +helper could be sgid shadow instead of suid root, as it is in Debian and +Ubuntu by default. Drop any sgid bits as well. -Adding an additional setgid(getgid()) call may be enough to fix this, -but this needs further examination before pushing out such a change. +Authors: Steve Langasek <vorlon@debian.org>, + Michael Spang <mspang@csclub.uwaterloo.ca> -Authors: Steve Langasek <vorlon@debian.org> - -Upstream status: Debian-specific, pending the above analysis +Upstream status: to be submitted Index: pam.deb/modules/pam_unix/unix_chkpwd.c =================================================================== --- pam.deb.orig/modules/pam_unix/unix_chkpwd.c +++ pam.deb/modules/pam_unix/unix_chkpwd.c -@@ -101,10 +101,7 @@ +@@ -137,9 +137,10 @@ /* if the caller specifies the username, verify that user matches it */ if (strcmp(user, argv[1])) { -- user = argv[1]; -- /* no match -> permanently change to the real user and proceed */ ++ gid_t gid = getgid(); + user = argv[1]; + /* no match -> permanently change to the real user and proceed */ - if (setuid(getuid()) != 0) -- return PAM_AUTH_ERR; -+ return PAM_AUTH_ERR; ++ if (setregid(gid, gid) != 0 || setuid(getuid()) != 0) + return PAM_AUTH_ERR; } } - |