Diffstat (limited to 'debian/patches-applied/046_pam_group_example')
-rw-r--r--debian/patches-applied/046_pam_group_example27
1 files changed, 27 insertions, 0 deletions
diff --git a/debian/patches-applied/046_pam_group_example b/debian/patches-applied/046_pam_group_example
new file mode 100644
index 00000000..c885c822
--- /dev/null
+++ b/debian/patches-applied/046_pam_group_example
@@ -0,0 +1,27 @@
+Patch for Debian bug #197080
+
+Don't use the 'games' group as an example in group.conf, this is a
+potential security hole.
+
+Authors: Peter Cordes <peter@llama.nslug.ns.ca>
+
+Upstream status: committed to CVS
+
+Index: Linux-PAM/modules/pam_group/group.conf
+===================================================================
+--- Linux-PAM/modules/pam_group/group.conf.orig
++++ Linux-PAM/modules/pam_group/group.conf
+@@ -88,10 +88,11 @@
+ #
+ # another example: running 'xsh' on tty* (any ttyXXX device),
+ # the user 'sword' is given access to games (through membership of
+-# the floppy group) after work hours
++# the sound and play group) after work hours. (The games group owns
++# high-score files and so on, so don't ever give users access to it.)
+ #
+
+-#xsh; tty* ;sword;!Wk0900-1800;games, sound
++#xsh; tty* ;sword;!Wk0900-1800;sound, play
+ #xsh; tty* ;*;Al0900-1800;floppy
+
+ #
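Review bot: The reworded example comment in the group.conf hunk still says 'sword' "is given access to games", which now sits next to a warning never to grant the games group, and "the sound and play group" names two groups in the singular. Something like `# the user 'sword' may play games (through membership of the sound` / `# and play groups) after work hours.` would remove the ambiguity. The parenthetical could also state the reason as a rule an administrator can apply elsewhere, e.g. `# (Never grant a group that owns files which setgid programs rely on, such as games and its high-score files.)`. As far as I recall, the pam_group documentation also cautions that a user who has held a group once may be able to keep it beyond the configured time window, so a one-line comment that the `!Wk0900-1800` restriction is not a hard boundary would help; please confirm against the module's man page before adding it.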