diff options
| author | Jeremy Blosser | 2007-02-08 21:55:51 -0600 |
|---|---|---|
| committer | Jaka Kranjc | 2007-02-13 20:30:22 +0100 |
| commit | 0e2be0ac88508acf0a255bb84632dbc26cf5afc5 (patch) | |
| tree | 5ce38c08fad60d84c9fb328384481eb1cf2a3e9a | |
| parent | 77b7ab664d515e2fb26b16080efd2a41a41de4a9 (diff) | |
linux-pam: add a query to make unix_chkpwd suid root like older PAMs did
(cherry picked from commit f8a1a13f6a70e9037a38743059792fc2d89d5e96)
| -rwxr-xr-x | security-libs/linux-pam/CONFIGURE | 18 | ||||
| -rwxr-xr-x | security-libs/linux-pam/DETAILS | 2 | ||||
| -rw-r--r-- | security-libs/linux-pam/HISTORY | 6 | ||||
| -rwxr-xr-x | security-libs/linux-pam/INSTALL | 4 |
4 files changed, 27 insertions, 3 deletions
diff --git a/security-libs/linux-pam/CONFIGURE b/security-libs/linux-pam/CONFIGURE index 361d7d98b8..7be2652cb4 100755 --- a/security-libs/linux-pam/CONFIGURE +++ b/security-libs/linux-pam/CONFIGURE @@ -1,3 +1,17 @@ -config_query PAM_SECTTY "Install a default /etc/securetty?" n && -config_query PAM_SELINUX "Enable selinux support?" n && +PATH=$PATH:/lib/security + +local chkpwd_suid_default && + +if hash unix_chkpwd >&/dev/null && [ -u $(hash -t unix_chkpwd) ]; then + chkpwd_suid_default=y +else + chkpwd_suid_default=n +fi && + +config_query PAM_CHKPWD_SUID \ + "Install unix_chkpwd suid root so non-root programs can authenticate?" \ + $chkpwd_suid_default && + +config_query PAM_SECTTY "Install a default /etc/securetty?" n && +config_query PAM_SELINUX "Enable selinux support?" n && config_query PAM_DOCS "Build documentation?" n diff --git a/security-libs/linux-pam/DETAILS b/security-libs/linux-pam/DETAILS index 4708d66387..849c3c358a 100755 --- a/security-libs/linux-pam/DETAILS +++ b/security-libs/linux-pam/DETAILS @@ -15,7 +15,7 @@ SOURCE_DIRECTORY=$BUILD_DIRECTORY/Linux-PAM-$VERSION WEB_SITE=http://www.us.kernel.org/pub/linux/libs/pam ENTERED=20010922 LICENSE[0]=GPL - PATCHLEVEL=4 + PATCHLEVEL=5 KEYWORDS="security libs" SHORT="Linux-PAM provides a flexibile authentication mechanism." cat << EOF diff --git a/security-libs/linux-pam/HISTORY b/security-libs/linux-pam/HISTORY index ef1c8c7b7f..07ee9c65af 100644 --- a/security-libs/linux-pam/HISTORY +++ b/security-libs/linux-pam/HISTORY @@ -1,3 +1,9 @@ +2007-02-08 Jeremy Blosser <jblosser-smgl@firinn.org> + * CONFIGURE, INSTALL: Add a query to set unix_chkpwd suid root like + older PAM versions did. Non-root apps can't use shadow passwords + otherwise. Bug #13509. + * DETAILS: PATCHLEVEL++. + 2007-01-14 Thomas Orgis <sobukus@sourcemage.org> * BUILD: install libs to /lib instead of /usr/lib as they are needed by the essential su, (refer to FHS and common sense) diff --git a/security-libs/linux-pam/INSTALL b/security-libs/linux-pam/INSTALL index 545479f7d5..05d02bc0a2 100755 --- a/security-libs/linux-pam/INSTALL +++ b/security-libs/linux-pam/INSTALL @@ -1,5 +1,9 @@ make install && +if [ "$PAM_CHKPWD_SUID" == "y" ]; then + chmod u+s $INSTALL_ROOT/lib/security/unix_chkpwd +fi && + # this is a BUG, the SA should decide if/when selinux is configured # properly. Activating it before that breaks login, which is BAD. #if [ "$PAM_SELINUX" == "y" ]; then |