blob: 11d4ee315bde3af64fbbc2718cc069671d9d185d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd
helper could be sgid shadow instead of suid root, as it is in Debian and
Ubuntu by default. Drop any sgid bits as well.
Authors: Steve Langasek <vorlon@debian.org>,
Michael Spang <mspang@csclub.uwaterloo.ca>
Upstream status: to be submitted
Index: pam/modules/pam_unix/unix_chkpwd.c
===================================================================
--- pam.orig/modules/pam_unix/unix_chkpwd.c
+++ pam/modules/pam_unix/unix_chkpwd.c
@@ -137,9 +137,10 @@
/* if the caller specifies the username, verify that user
matches it */
if (strcmp(user, argv[1])) {
+ gid_t gid = getgid();
user = argv[1];
/* no match -> permanently change to the real user and proceed */
- if (setuid(getuid()) != 0)
+ if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0)
return PAM_AUTH_ERR;
}
}
|
