diff options
Diffstat (limited to 'debian/patches-applied/046_pam_group_example')
-rw-r--r-- | debian/patches-applied/046_pam_group_example | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/debian/patches-applied/046_pam_group_example b/debian/patches-applied/046_pam_group_example new file mode 100644 index 00000000..c885c822 --- /dev/null +++ b/debian/patches-applied/046_pam_group_example @@ -0,0 +1,27 @@ +Patch for Debian bug #197080 + +Don't use the 'games' group as an example in group.conf, this is a +potential security hole. + +Authors: Peter Cordes <peter@llama.nslug.ns.ca> + +Upstream status: committed to CVS + +Index: Linux-PAM/modules/pam_group/group.conf +=================================================================== +--- Linux-PAM/modules/pam_group/group.conf.orig ++++ Linux-PAM/modules/pam_group/group.conf +@@ -88,10 +88,11 @@ + # + # another example: running 'xsh' on tty* (any ttyXXX device), + # the user 'sword' is given access to games (through membership of +-# the floppy group) after work hours ++# the sound and play group) after work hours. (The games group owns ++# high-score files and so on, so don't ever give users access to it.) + # + +-#xsh; tty* ;sword;!Wk0900-1800;games, sound ++#xsh; tty* ;sword;!Wk0900-1800;sound, play + #xsh; tty* ;*;Al0900-1800;floppy + + # |