pam_unix: support setgid version of unix_chkpwd(8) - pam.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Christian Göttsche <cgzones@googlemail.com>	2024-01-04 18:23:58 +0100
committer	Dmitry V. Levin <ldv@strace.io>	2024-01-15 20:01:23 +0000
commit	8e577fb4c55674260143a325c01f47d8dff712af (patch)
tree	94347b845f5963a6fe4937e2b29494c630936dde /modules/pam_unix/yppasswd.h
parent	b23d337b86488d23b2f77fc71a5de30348af671d (diff)
download	pam-8e577fb4c55674260143a325c01f47d8dff712af.tar.gz pam-8e577fb4c55674260143a325c01f47d8dff712af.tar.bz2 pam-8e577fb4c55674260143a325c01f47d8dff712af.zip

pam_unix: support setgid version of unix_chkpwd(8)

In case unix_chkpwd(8) is not a setuid but a setgid binary, reset to the real group as well. Also check the privileges are permanently lost, see: https://wiki.sei.cmu.edu/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful See also the current Debian patch: https://sources.debian.org/src/pam/1.5.2-9.1/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch/

Diffstat (limited to 'modules/pam_unix/yppasswd.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: