author | Andrew G. Morgan <morgan@kernel.org> | 2021-06-26 14:18:08 -0700 |
---|---|---|
committer | Tomáš Mráz <tm@t8m.info> | 2021-06-29 12:22:12 +0200 |
commit | f220cace205332a3dc34e7b37a85e7627e097e7d (patch) | |
tree | 08069693a1031424b7c9dc54ce20d8e09c1ed292 /modules/pam_namespace/argv_parse.c | |
parent | fe1307512fb8892b5ceb3d884c793af8dbd4c16a (diff) | |
Permit unix_chkpwd & pam_unix.so to run without being setuid-root.

Remove the hard-coding of the idea that the only way pam_unix.so can
read the shadow file is if it can, in some way, run setuid-root.
Linux capabilities only require cap_dac_override to read the /etc/shadow
file.

This change achieves two things: it opens a path for a linux-pam
application to run without being setuid-root; further, it allows
unix_chkpwd to run non-setuid-root if it is installed:

    sudo setcap cap_dac_override=ep unix_chkpwd

If we wanted to link against libcap, we could install this binary with
cap_dac_override=p, and use cap_set_proc() to raise the effective bit
at runtime. However, some distributions already link unix_chkpwd
against libcap-ng for some, likely spurious, reason so "ep" is fine
for now.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>

Diffstat (limited to 'modules/pam_namespace/argv_parse.c')
0 files changed, 0 insertions, 0 deletions
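
The runtime alternative the commit message mentions (install with cap_dac_override=p and raise the effective bit only around the privileged read), sketched as an added example that is not part of this commit or of Linux-PAM. It uses the raw capget/capset syscalls in place of libcap's cap_set_proc() so that it builds without libcap; set_effective() and cap_in_mask() are hypothetical helper names.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Is capability `cap` set in a two-word (version 3) capability mask? */
static int cap_in_mask(const unsigned int words[2], int cap)
{
    return (words[cap / 32] >> (cap % 32)) & 1u;
}

/*
 * set_effective() is a hypothetical helper, not a libcap or Linux-PAM API.
 * on=1: raise `cap` into the effective set if it is permitted.
 * on=0: clear it from the effective set (it stays permitted).
 * Returns 1 if `cap` is effective afterwards, 0 if not, -1 on syscall error.
 */
int set_effective(int cap, int on)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2];
    unsigned int permitted[2];

    memset(&hdr, 0, sizeof(hdr));
    memset(data, 0, sizeof(data));
    hdr.version = _LINUX_CAPABILITY_VERSION_3;   /* pid 0 = calling thread */
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;

    permitted[0] = data[0].permitted;
    permitted[1] = data[1].permitted;
    if (on && !cap_in_mask(permitted, cap))
        return 0;                                /* not permitted: nothing to raise */

    if (on)
        data[cap / 32].effective |= 1u << (cap % 32);
    else
        data[cap / 32].effective &= ~(1u << (cap % 32));
    return syscall(SYS_capset, &hdr, data) != 0 ? -1 : (on ? 1 : 0);
}

int main(void)
{
    int raised = set_effective(CAP_DAC_OVERRIDE, 1);
    printf("cap_dac_override effective: %d\n", raised);
    /* ... the privileged read (e.g. /etc/shadow) would happen here ... */
    if (raised == 1)
        set_effective(CAP_DAC_OVERRIDE, 0);      /* drop as soon as it is done */
    return raised < 0;
}
```

With the file capability set to "p" rather than "ep", the binary starts with an empty effective set, so the override applies only between the raise and the drop.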