summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2008-07-26 19:05:08 -0700
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:01:54 -0800
commit56b866a746a902b55b95eebfb217a06c2fc3c1cf (patch)
treebc07e3e747fc76ffc2d1030fcd6120fc65f21ced /debian
parentbeed1164bfe7837523c4e842bc8ffcde208559b2 (diff)
New patch setreuid_juggling.patch: restore the 0.99.9.0 behavior wrt uid
changes for NIS+, since I know the old behavior was right and don't believe anyone has tested the new code.
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog3
-rw-r--r--debian/patches-applied/series1
-rw-r--r--debian/patches-applied/setreuid_juggling.patch22
3 files changed, 26 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index fb1b702f..4957bf72 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -23,6 +23,9 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low
hpux-style expiry information off of password fields is now supported.
* New patch thread-safe_save_old_password.patch, to make sure all our
getpwnam() use in pam_unix is thread-safe (fixes an upstream regression)
+ * New patch setreuid_juggling.patch: restore the 0.99.9.0 behavior wrt uid
+ changes for NIS+, since I know the old behavior was right and don't
+ believe anyone has tested the new code.
* The password-changing helper functionality for SELinux systems has been
split out into a separate unix_update binary, so at long last we can
change unix_chkpwd to be sgid shadow instead of suid root.
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 5e2cb2fc..3b410ab1 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -1,4 +1,5 @@
thread-safe_save_old_password.patch
+setreuid_juggling.patch
007_modules_pam_unix
008_modules_pam_limits_chroot
021_nis_cleanup
diff --git a/debian/patches-applied/setreuid_juggling.patch b/debian/patches-applied/setreuid_juggling.patch
new file mode 100644
index 00000000..d8e36a90
--- /dev/null
+++ b/debian/patches-applied/setreuid_juggling.patch
@@ -0,0 +1,22 @@
+This particular setreuid() is only needed if we don't have any root
+privs at all, so make it conditional like it was pre-1.0.
+
+Authors: Steve Langasek <steve.langasek@canonical.com>
+
+Upstream status: to be submitted
+
+Index: pam.deb/modules/pam_unix/passverify.c
+===================================================================
+--- pam.deb.orig/modules/pam_unix/passverify.c
++++ pam.deb/modules/pam_unix/passverify.c
+@@ -187,8 +187,8 @@
+ if (save_uid == (*pwd)->pw_uid)
+ setreuid(save_uid, save_euid);
+ else {
+- setreuid(-1, 0);
+- setreuid(save_uid, -1);
++ if (setreuid(-1, 0) == -1)
++ setreuid(save_uid, -1);
+ setreuid(-1, save_euid);
+ }
+