Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/pam_unix_acct.c7
-rw-r--r--modules/pam_unix/support.c5
2 files changed, 10 insertions, 2 deletions
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 865dc290..8ec44492 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+ printf("-1\n");
+ fflush(stdout);
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
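Review bot: The `printf("-1\n")` on the new failure path in `_unix_run_verify_binary` has no comment saying who consumes that line or what `-1` means to them. Presumably the parent parses a number from the child's stdout, so a sentinel is written before `_exit(PAM_AUTHINFO_UNAVAIL)`; that read side is outside this hunk and should be confirmed. A short comment above the printf, such as `/* report "no result" to the parent, which parses our stdout */`, would make the protocol visible to the next reader. The function body starts and continues outside the hunk.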
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 9284dbaa..19d72e66 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ D(("setuid failed"));
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
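Review bot: The setuid failure in `_unix_run_helper_binary` is reported only through `D(("setuid failed"))`, which, as far as I know, is Linux-PAM's debug macro and expands to nothing in non-debug builds. On a production system the child would then exit with PAM_AUTHINFO_UNAVAIL and leave no record of why. The matching path in pam_unix_acct.c logs with `pam_syslog(pamh, LOG_ERR, "setuid failed: %m");`, and `pamh` is a parameter here too, so the same line could replace the D(()) call. A failed privilege change in an authentication helper is an event an operator should be able to find in the logs. The function body extends beyond the hunk.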