author | Allison Karlitskaya <allison.karlitskaya@redhat.com> | 2020-11-05 14:06:53 +0100 |
---|---|---|
committer | Allison Karlitskaya <allison.karlitskaya@redhat.com> | 2020-11-10 14:48:25 +0100 |
commit | 62d826471e87e27b39a36ccbeee58999e2514a92 (patch) | |
tree | 245deb745de891e4c45d883035bb114001bd28ab /NEWS | |
parent | ecd526743a27157c5210b0ce9867c43a2fa27784 (diff) | |

libpam: add supplementary groups on priv drop

Replace the setgroups(0, NULL) call in pam_modutil_drop_priv() with a
call to initgroups(). This makes sure that the user's supplementary
groups are also configured. Fall back to setgroups(0, NULL) in case the
initgroups() call fails.

This fixes the permission check in pam_motd: this feature was intended
to allow setting permissions on a motd file to prevent it from being
shown to users who are not a member of a particular group (for example,
wheel).

Closes #292

Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -15,6 +15,8 @@ Release 1.5.0 * Removed deprecated pam_tally and pam_tally2 modules, use pam_faillock instead. * pam_env: Reading of the user environment is deprecated and will be removed at some point in the future. +* libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly Release 1.4.0 * Multiple minor bug fixes and documentation improvements |
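
Review bot: The entry added under Release 1.5.0 describes the change only in terms of pam_motd, but according to the commit message pam_modutil_drop_priv() itself now calls initgroups() in place of setgroups(0, NULL), so any module that drops privileges through this helper will run with the target user's supplementary groups afterwards. Suggest wording the entry as a behaviour change of the helper for all its callers, and mentioning the fallback to setgroups(0, NULL) when initgroups() fails, since in that case the supplementary groups are cleared and group-based motd filtering will not see them. Minor style point: the two added lines end without a period, unlike the preceding entries ("use pam_faillock instead." and "removed at some point in the future.").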