author | Kees Cook <kees@debian.org> | 2011-10-13 12:46:01 -0700 |
---|---|---|
committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 22:11:47 -0800 |
commit | e5d6334b09673bd2ba996a2a6bf597fda864a879 (patch) | |
tree | 655a10b77cc5d1a51203f0271092c2035da2478b | |
parent | ec717c53e118884cde5c3a2c8b37cb6a0bffc905 (diff) | |
debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use
setresgid() to wipe out saved-gid just in case.
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch | 8 |
2 files changed, 11 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog
index f386143e..1edb6d0b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+pam (1.1.3-5) UNRELEASED; urgency=low
+
+ * debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use
+ setresgid() to wipe out saved-gid just in case.
+
+ -- Kees Cook <kees@debian.org> Thu, 13 Oct 2011 12:31:03 -0700
+
 pam (1.1.3-4) unstable; urgency=low
 
 * Make sure shared library links are also installed to the multiarch
diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
index 80334841..87336651 100644
--- a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
+++ b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
@@ -7,10 +7,10 @@ Authors: Steve Langasek <vorlon@debian.org>,
 
 Upstream status: to be submitted
 
-Index: pam.deb/modules/pam_unix/unix_chkpwd.c
+Index: pam-debian/modules/pam_unix/unix_chkpwd.c
 ===================================================================
---- pam.deb.orig/modules/pam_unix/unix_chkpwd.c
-+++ pam.deb/modules/pam_unix/unix_chkpwd.c
+--- pam-debian.orig/modules/pam_unix/unix_chkpwd.c 2011-10-10 16:22:06.270705822 -0700
++++ pam-debian/modules/pam_unix/unix_chkpwd.c 2011-10-10 16:24:06.080224301 -0700
 @@ -137,9 +137,10 @@
 /* if the caller specifies the username, verify that user
 matches it */
@@ -19,7 +19,7 @@ Index: pam.deb/modules/pam_unix/unix_chkpwd.c
 user = argv[1];
 /* no match -> permanently change to the real user and proceed */
 - if (setuid(getuid()) != 0)
-+ if (setregid(gid, gid) != 0 || setuid(getuid()) != 0)
++ if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0)
 return PAM_AUTH_ERR;
 }
 }
|
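Review bot: In the second hunk of pam_unix_dont_trust_chkpwd_caller.patch the group drop now clears the saved set-group-ID explicitly with `setresgid(gid, gid, gid)`, but the user drop on the same line is still `setuid(getuid())`, which on Linux resets the saved set-user-ID only when the effective UID is privileged. To keep the two halves symmetric and the drop permanent however the helper is installed, consider `uid_t uid = getuid();` followed by `if (setresgid(gid, gid, gid) != 0 || setresuid(uid, uid, uid) != 0)`. The declaration of `gid` and the rest of the enclosing function lie outside the hunk, so this assumes `gid` holds the real group ID, as the comment about changing to the real user suggests. A short comment such as `/* drop gid before uid; set real, effective and saved IDs so the change cannot be reverted */` would record why the three-ID call and this ordering are used.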