blob: 5a94c25ddff78514e53d05f5d8869aca51c5f375 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From: Sam Hartman <hartmans@debian.org>
Date: Mon, 11 Sep 2023 14:00:42 -0600
Subject: pam_unix_dont_trust_chkpwd_caller
Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd
helper could be sgid shadow instead of suid root, as it is in Debian and
Ubuntu by default. Drop any sgid bits as well.
Authors: Steve Langasek <vorlon@debian.org>,
Michael Spang <mspang@csclub.uwaterloo.ca>
Upstream status: to be submitted
---
modules/pam_unix/unix_chkpwd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 556a2e2..5e7b571 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -138,9 +138,10 @@ int main(int argc, char *argv[])
/* if the caller specifies the username, verify that user
matches it */
if (user == NULL || strcmp(user, argv[1])) {
+ gid_t gid = getgid();
user = argv[1];
/* no match -> permanently change to the real user and proceed */
- if (setuid(getuid()) != 0)
+ if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0)
return PAM_AUTH_ERR;
}
}
|