diff options
Diffstat (limited to 'debian/patches/Set-group-and-mode-for-g-shadow-files.patch')
| -rw-r--r-- | debian/patches/Set-group-and-mode-for-g-shadow-files.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/debian/patches/Set-group-and-mode-for-g-shadow-files.patch b/debian/patches/Set-group-and-mode-for-g-shadow-files.patch new file mode 100644 index 0000000..c5e21ac --- /dev/null +++ b/debian/patches/Set-group-and-mode-for-g-shadow-files.patch @@ -0,0 +1,77 @@ +From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> +Date: Sat, 22 Jun 2024 17:39:41 +0200 +Subject: Set group and mode for [g]shadow files + +Set group 'shadow' and mode 0400. + +Fixes: #166793 + +Gbp-Topic: debian +--- + lib/commonio.c | 12 ++++++++++++ + lib/sgroupio.c | 2 +- + lib/shadowio.c | 2 +- + 3 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/lib/commonio.c b/lib/commonio.c +index 01a26c9..72e53b0 100644 +--- a/lib/commonio.c ++++ b/lib/commonio.c +@@ -21,6 +21,7 @@ + #include <errno.h> + #include <stdio.h> + #include <signal.h> ++#include <grp.h> + + #include "alloc.h" + #include "memzero.h" +@@ -956,12 +957,23 @@ int commonio_close (struct commonio_db *db) + if (errors != 0) + goto fail; + } else { ++ struct group *grp; + /* + * Default permissions for new [g]shadow files. + */ + sb.st_mode = db->st_mode; + sb.st_uid = db->st_uid; + sb.st_gid = db->st_gid; ++ ++ /* ++ * Try to retrieve the shadow's GID, and fall back to GID 0. ++ */ ++ if (sb.st_gid == 0) { ++ if ((grp = getgrnam("shadow")) != NULL) ++ sb.st_gid = grp->gr_gid; ++ else ++ sb.st_gid = 0; ++ } + } + + if (SNPRINTF(buf, "%s+", db->filename) == -1) +diff --git a/lib/sgroupio.c b/lib/sgroupio.c +index 0297df4..107b1e5 100644 +--- a/lib/sgroupio.c ++++ b/lib/sgroupio.c +@@ -209,7 +209,7 @@ static struct commonio_db gshadow_db = { + #ifdef WITH_SELINUX + NULL, /* scontext */ + #endif +- 0400, /* st_mode */ ++ 0440, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ + NULL, /* head */ +diff --git a/lib/shadowio.c b/lib/shadowio.c +index d2c3b47..53dac0b 100644 +--- a/lib/shadowio.c ++++ b/lib/shadowio.c +@@ -85,7 +85,7 @@ static struct commonio_db shadow_db = { + #ifdef WITH_SELINUX + NULL, /* scontext */ + #endif /* WITH_SELINUX */ +- 0400, /* st_mode */ ++ 0440, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ + NULL, /* head */ |