From 56b866a746a902b55b95eebfb217a06c2fc3c1cf Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Sat, 26 Jul 2008 19:05:08 -0700 Subject: New patch setreuid_juggling.patch: restore the 0.99.9.0 behavior wrt uid changes for NIS+, since I know the old behavior was right and don't believe anyone has tested the new code. --- debian/changelog | 3 +++ debian/patches-applied/series | 1 + debian/patches-applied/setreuid_juggling.patch | 22 ++++++++++++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 debian/patches-applied/setreuid_juggling.patch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index fb1b702f..4957bf72 100644 --- a/debian/changelog +++ b/debian/changelog @@ -23,6 +23,9 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low hpux-style expiry information off of password fields is now supported. * New patch thread-safe_save_old_password.patch, to make sure all our getpwnam() use in pam_unix is thread-safe (fixes an upstream regression) + * New patch setreuid_juggling.patch: restore the 0.99.9.0 behavior wrt uid + changes for NIS+, since I know the old behavior was right and don't + believe anyone has tested the new code. * The password-changing helper functionality for SELinux systems has been split out into a separate unix_update binary, so at long last we can change unix_chkpwd to be sgid shadow instead of suid root. diff --git a/debian/patches-applied/series b/debian/patches-applied/series index 5e2cb2fc..3b410ab1 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -1,4 +1,5 @@ thread-safe_save_old_password.patch +setreuid_juggling.patch 007_modules_pam_unix 008_modules_pam_limits_chroot 021_nis_cleanup diff --git a/debian/patches-applied/setreuid_juggling.patch b/debian/patches-applied/setreuid_juggling.patch new file mode 100644 index 00000000..d8e36a90 --- /dev/null +++ b/debian/patches-applied/setreuid_juggling.patch @@ -0,0 +1,22 @@ +This particular setreuid() is only needed if we don't have any root +privs at all, so make it conditional like it was pre-1.0. + +Authors: Steve Langasek + +Upstream status: to be submitted + +Index: pam.deb/modules/pam_unix/passverify.c +=================================================================== +--- pam.deb.orig/modules/pam_unix/passverify.c ++++ pam.deb/modules/pam_unix/passverify.c +@@ -187,8 +187,8 @@ + if (save_uid == (*pwd)->pw_uid) + setreuid(save_uid, save_euid); + else { +- setreuid(-1, 0); +- setreuid(save_uid, -1); ++ if (setreuid(-1, 0) == -1) ++ setreuid(save_uid, -1); + setreuid(-1, save_euid); + } + -- cgit v1.2.3