Diffstat (limited to 'modules/pam_unix/unix_chkpwd.c')
-rw-r--r--modules/pam_unix/unix_chkpwd.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 5f47133c..43fcbd82 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -110,8 +110,13 @@ int main(int argc, char *argv[])
/* if the caller specifies the username, verify that user
matches it */
if (user == NULL || strcmp(user, argv[1])) {
- /* no match -> permanently change to the real user and proceed */
- if (setuid(getuid()) != 0)
+ uid_t ruid = getuid();
+ gid_t rgid = getgid();
+
+ /* no match -> permanently change to the real user and group,
+ * check for no-return, and proceed */
+ if (setgid(rgid) != 0 || setuid(ruid) != 0 ||
+ (rgid != 0 && setgid(0) != -1) || (ruid != 0 && setuid(0) != -1))
return PAM_AUTH_ERR;
}
user = argv[1];
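Review bot: The no-return test in the added `if` (`setgid(0) != -1`, `setuid(0) != -1`) only proves that ID 0 cannot be regained, not that the original effective IDs are gone. If the helper is installed set-group-ID to a non-root group rather than setuid root (an assumption; the install mode is not visible here), `setgid(rgid)` from an unprivileged process changes only the effective GID and leaves the saved set-group-ID intact, so the check would still pass. Consider capturing `getegid()`/`geteuid()` before the drop and testing that restoring those values fails, or dropping with `setresgid(rgid, rgid, rgid)` and `setresuid(ruid, ruid, ruid)` where available. A one-line comment such as `/* drop group first: setgid() needs the privilege that setuid() gives up */` would also record why the order matters. The body of `main` starts and ends outside this hunk.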