diff options
Diffstat (limited to 'modules/pam_unix/support.c')
| -rw-r--r-- | modules/pam_unix/support.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 3ed4b1f3..38a5d88b 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -521,6 +521,13 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, close(i); } } + + if (SELINUX_ENABLED && geteuid() == 0) { + /* must set the real uid to 0 so the helper will not error + out if pam is called from setuid binary (su, sudo...) */ + setuid(0); + } + /* exec binary helper */ args[0] = x_strdup(CHKPWD_HELPER); args[1] = x_strdup(user); |