summaryrefslogtreecommitdiffstats
path: root/debian/patches/501_commonio_group_shadow
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:50:01 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:50:01 +0000
commitdf4dbd3378e13e9f43c727c36339f078fe3093fe (patch)
tree9edf4a31373538bd239af5be10e00f5a449d3d0e /debian/patches/501_commonio_group_shadow
parentAdding upstream version 1:4.8.1. (diff)
downloadshadow-df4dbd3378e13e9f43c727c36339f078fe3093fe.tar.xz
shadow-df4dbd3378e13e9f43c727c36339f078fe3093fe.zip
Adding debian version 1:4.8.1-1.debian/1%4.8.1-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/501_commonio_group_shadow')
-rw-r--r--debian/patches/501_commonio_group_shadow60
1 files changed, 60 insertions, 0 deletions
diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/501_commonio_group_shadow
new file mode 100644
index 0000000..171382a
--- /dev/null
+++ b/debian/patches/501_commonio_group_shadow
@@ -0,0 +1,60 @@
+Goal: save the [g]shadow files with the 'shadow' group and mode 0440
+
+Fixes: #166793
+
+--- a/lib/commonio.c
++++ b/lib/commonio.c
+@@ -44,6 +44,7 @@
+ #include <errno.h>
+ #include <stdio.h>
+ #include <signal.h>
++#include <grp.h>
+ #include "nscd.h"
+ #include "sssd.h"
+ #ifdef WITH_TCB
+@@ -986,12 +987,23 @@
+ goto fail;
+ }
+ } else {
++ struct group *grp;
+ /*
+ * Default permissions for new [g]shadow files.
+ */
+ sb.st_mode = db->st_mode;
+ sb.st_uid = db->st_uid;
+ sb.st_gid = db->st_gid;
++
++ /*
++ * Try to retrieve the shadow's GID, and fall back to GID 0.
++ */
++ if (sb.st_gid == 0) {
++ if ((grp = getgrnam("shadow")) != NULL)
++ sb.st_gid = grp->gr_gid;
++ else
++ sb.st_gid = 0;
++ }
+ }
+
+ snprintf (buf, sizeof buf, "%s+", db->filename);
+--- a/lib/sgroupio.c
++++ b/lib/sgroupio.c
+@@ -229,7 +229,7 @@
+ #ifdef WITH_SELINUX
+ NULL, /* scontext */
+ #endif
+- 0400, /* st_mode */
++ 0440, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
+ NULL, /* head */
+--- a/lib/shadowio.c
++++ b/lib/shadowio.c
+@@ -105,7 +105,7 @@
+ #ifdef WITH_SELINUX
+ NULL, /* scontext */
+ #endif /* WITH_SELINUX */
+- 0400, /* st_mode */
++ 0440, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
+ NULL, /* head */