42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
|
--- modules/pam_unix/pam_unix_acct.c
|
||
|
|
+++ modules/pam_unix/pam_unix_acct.c 2013/09/12 07:19:05
|
||
|
|
@@ -121,7 +121,12 @@
|
||
|
|
if (geteuid() == 0) {
|
||
|
|
/* must set the real uid to 0 so the helper will not error
|
||
|
|
out if pam is called from setuid binary (su, sudo...) */
|
||
|
|
- setuid(0);
|
||
|
|
+ if (setuid(0) == -1) {
|
||
|
|
+ pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
|
||
|
|
+ printf("-1\n");
|
||
|
|
+ fflush(stdout);
|
||
|
|
+ _exit(PAM_AUTHINFO_UNAVAIL);
|
||
|
|
+ }
|
||
|
|
}
|
||
|
|
|
||
|
|
/* exec binary helper */
|
||
|
|
--- modules/pam_unix/pam_unix_passwd.c
|
||
|
|
+++ modules/pam_unix/pam_unix_passwd.c 2013/09/12 07:24:40
|
||
|
|
@@ -255,7 +255,7 @@
|
||
|
|
close(fds[0]); /* close here to avoid possible SIGPIPE above */
|
||
|
|
close(fds[1]);
|
||
|
|
/* wait for helper to complete: */
|
||
|
|
- while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR);
|
||
|
|
+ while ((rc=waitpid(child, &retval, 0) < 0) && errno == EINTR);
|
||
|
|
if (rc<0) {
|
||
|
|
pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m");
|
||
|
|
retval = PAM_AUTHTOK_ERR;
|
||
|
|
--- modules/pam_unix/support.c
|
||
|
|
+++ modules/pam_unix/support.c 2013/09/12 07:20:51
|
||
|
|
@@ -586,7 +586,10 @@
|
||
|
|
if (geteuid() == 0) {
|
||
|
|
/* must set the real uid to 0 so the helper will not error
|
||
|
|
out if pam is called from setuid binary (su, sudo...) */
|
||
|
|
- setuid(0);
|
||
|
|
+ if (setuid(0) == -1) {
|
||
|
|
+ D(("setuid failed"));
|
||
|
|
+ _exit(PAM_AUTHINFO_UNAVAIL);
|
||
|
|
+ }
|
||
|
|
}
|
||
|
|
|
||
|
|
/* exec binary helper */
|