1 files changed, 0 insertions, 25 deletions

diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
deleted file mode 100644
index 6a9e525e..00000000
--- a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd
-helper could be sgid shadow instead of suid root, as it is in Debian and
-Ubuntu by default.  Drop any sgid bits as well.
-
-Authors: Steve Langasek <vorlon@debian.org>,
-         Michael Spang <mspang@csclub.uwaterloo.ca>
-
-Upstream status: to be submitted
-
-Index: pam/modules/pam_unix/unix_chkpwd.c
-===================================================================
---- pam.orig/modules/pam_unix/unix_chkpwd.c
-+++ pam/modules/pam_unix/unix_chkpwd.c
-@@ -138,9 +138,10 @@
- 	  /* if the caller specifies the username, verify that user
- 	     matches it */
- 	  if (user == NULL || strcmp(user, argv[1])) {
-+	    gid_t gid = getgid();
- 	    user = argv[1];
- 	    /* no match -> permanently change to the real user and proceed */
--	    if (setuid(getuid()) != 0)
-+	    if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0)
- 		return PAM_AUTH_ERR;
- 	  }
- 	}