From bdb63761bcd55b3f01d653824c1f3990bbda45c0 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 25 Jul 2008 17:02:00 -0700 Subject: The password-changing helper functionality for SELinux systems has been split out into a separate unix_update binary, so at long last we can change unix_chkpwd to be sgid shadow instead of suid root. Closes: #155583. --- debian/changelog | 4 ++++ debian/rules | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index c9e8f397..7678c615 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,10 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low pam_rhosts_auth introduced upstream in 0.99.9.0: we want to cast the result of inet_addr to int32_t, not the result of a boolean *comparison* on inet_addr's result... + * The password-changing helper functionality for SELinux systems has been + split out into a separate unix_update binary, so at long last we can + change unix_chkpwd to be sgid shadow instead of suid root. + Closes: #155583. * Use a pristine upstream tarball instead of repacking; requires various changes to debian/rules and debhelper files. * Replace the Vcs-Svn field with a Vcs-Bzr field; jumping ship from svn, diff --git a/debian/rules b/debian/rules index 89bff84f..ad9ccc9b 100755 --- a/debian/rules +++ b/debian/rules @@ -137,7 +137,8 @@ binary-arch: install dh_strip -a dh_compress -a dh_fixperms -a - chmod 04755 $(d)/libpam-modules/sbin/unix_chkpwd + chmod 02755 $(d)/libpam-modules/sbin/unix_chkpwd + chgrp shadow $(d)/libpam-modules/sbin/unix_chkpwd dh_makeshlibs -plibpam0g -V "libpam0g (>= 0.99.7.1)" dh_installdeb -a dh_shlibdeps -a -L libpam0g -l$(CURDIR)/debian/libpam0g/lib -- cgit v1.2.3