diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:22:53 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:22:53 +0000 |
commit | f4b22a2f215f6f80558d9e4075c9de306c8b9953 (patch) | |
tree | 05142dd668b11fc304d1c15faa52dee3784f8fa0 /debian/patches-applied/hurd_no_setfsuid | |
parent | Adding upstream version 1.5.2. (diff) | |
download | pam-debian.tar.xz pam-debian.zip |
Adding debian version 1.5.2-6+deb12u1.debian/1.5.2-6+deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches-applied/hurd_no_setfsuid')
-rw-r--r-- | debian/patches-applied/hurd_no_setfsuid | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/debian/patches-applied/hurd_no_setfsuid b/debian/patches-applied/hurd_no_setfsuid new file mode 100644 index 0000000..00610a8 --- /dev/null +++ b/debian/patches-applied/hurd_no_setfsuid @@ -0,0 +1,77 @@ +On systems without setfsuid(), use setreuid() instead. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv + are implemented + +Index: pam/libpam/pam_modutil_priv.c +=================================================================== +--- pam.orig/libpam/pam_modutil_priv.c ++++ pam/libpam/pam_modutil_priv.c +@@ -14,7 +14,9 @@ + #include <syslog.h> + #include <pwd.h> + #include <grp.h> ++#ifdef HAVE_SYS_FSUID_H + #include <sys/fsuid.h> ++#endif /* HAVE_SYS_FSUID_H */ + + /* + * Two setfsuid() calls in a row are necessary to check +@@ -22,17 +24,55 @@ + */ + static int change_uid(uid_t uid, uid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + uid_t tmp = setfsuid(uid); + if (save) + *save = tmp; + return (uid_t) setfsuid(uid) == uid ? 0 : -1; ++#else ++ uid_t euid = geteuid(); ++ uid_t ruid = getuid(); ++ if (save) ++ *save = ruid; ++ if (ruid == uid && uid != 0) ++ if (setreuid(euid, uid)) ++ return -1; ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) ++ return -1; ++ } ++ } ++#endif + } + static int change_gid(gid_t gid, gid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + gid_t tmp = setfsgid(gid); + if (save) + *save = tmp; + return (gid_t) setfsgid(gid) == gid ? 0 : -1; ++#else ++ gid_t egid = getegid(); ++ gid_t rgid = getgid(); ++ if (save) ++ *save = rgid; ++ if (rgid == gid) ++ if (setregid(egid, gid)) ++ return -1; ++ else { ++ setregid(0, -1); ++ if (setregid(-1, gid)) { ++ setregid(-1, 0); ++ setregid(0, -1); ++ if (setregid(-1, gid)) ++ return -1; ++ } ++ } ++#endif + } + + static int cleanup(struct pam_modutil_privs *p) |