diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2022-04-25 11:33:27 -0700 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2022-04-25 11:33:27 -0700 |
| commit | ed8beed9a35b961f2fe31d47b3730e29b5e22466 (patch) | |
| tree | ee479bd56a4aa29f78196b3183a05ae650a52fb6 /patches-applied/pam_unix_dont_trust_chkpwd_caller.patch | |
| download | pam-ed8beed9a35b961f2fe31d47b3730e29b5e22466.tar.gz pam-ed8beed9a35b961f2fe31d47b3730e29b5e22466.tar.bz2 pam-ed8beed9a35b961f2fe31d47b3730e29b5e22466.zip | |
Import pam_1.4.0-12.debian.tar.xz
[dgit import tarball pam 1.4.0-12 pam_1.4.0-12.debian.tar.xz]
Diffstat (limited to 'patches-applied/pam_unix_dont_trust_chkpwd_caller.patch')
| -rw-r--r-- | patches-applied/pam_unix_dont_trust_chkpwd_caller.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch new file mode 100644 index 00000000..11d4ee31 --- /dev/null +++ b/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch @@ -0,0 +1,25 @@ +Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd +helper could be sgid shadow instead of suid root, as it is in Debian and +Ubuntu by default. Drop any sgid bits as well. + +Authors: Steve Langasek <vorlon@debian.org>, + Michael Spang <mspang@csclub.uwaterloo.ca> + +Upstream status: to be submitted + +Index: pam/modules/pam_unix/unix_chkpwd.c +=================================================================== +--- pam.orig/modules/pam_unix/unix_chkpwd.c ++++ pam/modules/pam_unix/unix_chkpwd.c +@@ -137,9 +137,10 @@ + /* if the caller specifies the username, verify that user + matches it */ + if (strcmp(user, argv[1])) { ++ gid_t gid = getgid(); + user = argv[1]; + /* no match -> permanently change to the real user and proceed */ +- if (setuid(getuid()) != 0) ++ if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0) + return PAM_AUTH_ERR; + } + } |