pam_unix: try to set uid to 0 for unix_chkpwd - pam.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Tobias Stoeckmann <tobias@stoeckmann.org>	2024-01-24 18:57:42 +0100
committer	Dmitry V. Levin <ldv@strace.io>	2024-01-24 21:48:21 +0000
commit	b7b96362087414e52524d3d9d9b3faa21e1db620 (patch)
tree	f9784174d769012b7f193150a37553ec11fd6760 /libpam
parent	54a0aee65b3d8129a55ece62ab8540f1cac3e929 (diff)
download	pam-b7b96362087414e52524d3d9d9b3faa21e1db620.tar.gz pam-b7b96362087414e52524d3d9d9b3faa21e1db620.tar.bz2 pam-b7b96362087414e52524d3d9d9b3faa21e1db620.zip

pam_unix: try to set uid to 0 for unix_chkpwd

The geteuid check does not cover all cases. If a program runs with elevated capabilities like CAP_SETUID then we can still check credentials of other users. Keep logging for future analysis though. Resolves: https://github.com/linux-pam/linux-pam/issues/747 Fixes: b3020da7da38 ("pam_unix/passverify: always run the helper to obtain shadow password file entries") Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

Diffstat (limited to 'libpam')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: