diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2024-01-04 18:23:58 +0100 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-15 20:01:23 +0000 |
| commit | 8e577fb4c55674260143a325c01f47d8dff712af (patch) | |
| tree | 94347b845f5963a6fe4937e2b29494c630936dde /modules | |
| parent | b23d337b86488d23b2f77fc71a5de30348af671d (diff) | |
| download | pam-8e577fb4c55674260143a325c01f47d8dff712af.tar.gz pam-8e577fb4c55674260143a325c01f47d8dff712af.tar.bz2 pam-8e577fb4c55674260143a325c01f47d8dff712af.zip | |
pam_unix: support setgid version of unix_chkpwd(8)
In case unix_chkpwd(8) is not a setuid but a setgid binary, reset to the
real group as well.
Also check the privileges are permanently lost, see:
https://wiki.sei.cmu.edu/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful
See also the current Debian patch:
https://sources.debian.org/src/pam/1.5.2-9.1/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch/
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_unix/unix_chkpwd.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index 5f47133c..43fcbd82 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -110,8 +110,13 @@ int main(int argc, char *argv[]) /* if the caller specifies the username, verify that user matches it */ if (user == NULL || strcmp(user, argv[1])) { - /* no match -> permanently change to the real user and proceed */ - if (setuid(getuid()) != 0) + uid_t ruid = getuid(); + gid_t rgid = getgid(); + + /* no match -> permanently change to the real user and group, + * check for no-return, and proceed */ + if (setgid(rgid) != 0 || setuid(ruid) != 0 || + (rgid != 0 && setgid(0) != -1) || (ruid != 0 && setuid(0) != -1)) return PAM_AUTH_ERR; } user = argv[1]; |