Commit | Line | Data |
---|---|---|
411264c2 RS |
1 | On systems without 'setfsuid', use 'setreuid' instead. |
2 | ||
3 | The patch originates from the Debian project for GNU/Hurd. | |
4 | Authors: Steve Langasek <vorlon@debian.org> | |
5 | Upstream status: A ticket was opened to request that the patch be applied, | |
6 | ticket: 'https://fedorahosted.org/linux-pam/ticket/64'. | |
7 | ||
8 | --- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c 2015-03-24 06:02:32.000000000 -0600 | |
9 | +++ pam_modutil_priv-mod.c 2016-09-20 13:36:53.150663205 -0500 | |
10 | @@ -14,7 +14,9 @@ | |
11 | #include <syslog.h> | |
12 | #include <pwd.h> | |
13 | #include <grp.h> | |
14 | +#ifdef HAVE_SYS_FSUID_H | |
15 | #include <sys/fsuid.h> | |
16 | +#endif /* HAVE_SYS_FSUID_H */ | |
17 | ||
18 | /* | |
19 | * Two setfsuid() calls in a row are necessary to check | |
20 | @@ -22,17 +24,55 @@ | |
21 | */ | |
22 | static int change_uid(uid_t uid, uid_t *save) | |
23 | { | |
24 | +#ifdef HAVE_SYS_FSUID_H | |
25 | uid_t tmp = setfsuid(uid); | |
26 | if (save) | |
27 | *save = tmp; | |
28 | return (uid_t) setfsuid(uid) == uid ? 0 : -1; | |
29 | +#else | |
30 | + uid_t euid = geteuid(); | |
31 | + uid_t ruid = getuid(); | |
32 | + if (save) | |
33 | + *save = ruid; | |
34 | + if (ruid == uid && uid != 0) | |
35 | + if (setreuid(euid, uid)) | |
36 | + return -1; | |
37 | + else { | |
38 | + setreuid(0, -1); | |
39 | + if (setreuid(-1, uid)) { | |
40 | + setreuid(-1, 0); | |
41 | + setreuid(0, -1); | |
42 | + if (setreuid(-1, uid)) | |
43 | + return -1; | |
44 | + } | |
45 | + } | |
46 | +#endif | |
47 | } | |
48 | static int change_gid(gid_t gid, gid_t *save) | |
49 | { | |
50 | +#ifdef HAVE_SYS_FSUID_H | |
51 | gid_t tmp = setfsgid(gid); | |
52 | if (save) | |
53 | *save = tmp; | |
54 | return (gid_t) setfsgid(gid) == gid ? 0 : -1; | |
55 | +#else | |
56 | + gid_t egid = getegid(); | |
57 | + gid_t rgid = getgid(); | |
58 | + if (save) | |
59 | + *save = rgid; | |
60 | + if (rgid == gid) | |
61 | + if (setregid(egid, gid)) | |
62 | + return -1; | |
63 | + else { | |
64 | + setregid(0, -1); | |
65 | + if (setregid(-1, gid)) { | |
66 | + setregid(-1, 0); | |
67 | + setregid(0, -1); | |
68 | + if (setregid(-1, gid)) | |
69 | + return -1; | |
70 | + } | |
71 | + } | |
72 | +#endif | |
73 | } | |
74 | ||
75 | static int cleanup(struct pam_modutil_privs *p) |
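Review bot: In the `#else` branch of change_uid the `else` binds to the inner `if (setreuid(euid, uid))`, not to `if (ruid == uid && uid != 0)`, so when the outer test is false no setreuid() call is made at all, and every non-error path then reaches the closing brace of a non-void function without returning a value. A caller that tests the result of this privilege change reads an indeterminate value and may carry on with the original IDs still in effect. Brace the outer statement, `if (ruid == uid && uid != 0) {` … `} else {`, and put `return 0;` before `#endif`; the `#else` branch of change_gid has the same two defects. The results of `setreuid(0, -1)` and `setreuid(-1, 0)` (and the setregid equivalents) are also ignored, so checking them, or confirming `geteuid() == uid` before reporting success, would make a partial switch visible. cleanup() on the last line of the hunk continues outside it.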