1 On systems without 'setfsuid', use 'setreuid' instead.
3 The patch originates from the Debian project for GNU/Hurd.
4 Authors: Steve Langasek <vorlon@debian.org>
5 Upstream status: A ticket was opened to request apply the patch,
6 ticket: 'https://fedorahosted.org/linux-pam/ticket/64'.
8 --- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c 2015-03-24 06:02:32.000000000 -0600
9 +++ pam_modutil_priv-mod.c 2016-09-20 13:36:53.150663205 -0500
14 +#ifdef HAVE_SYS_FSUID_H
15 #include <sys/fsuid.h>
16 +#endif /* HAVE_SYS_FSUID_H */
19 * Two setfsuid() calls in a row are necessary to check
22 static int change_uid(uid_t uid, uid_t *save)
24 +#ifdef HAVE_SYS_FSUID_H
25 uid_t tmp = setfsuid(uid);
28 return (uid_t) setfsuid(uid) == uid ? 0 : -1;
30 + uid_t euid = geteuid();
31 + uid_t ruid = getuid();
34 + if (ruid == uid && uid != 0)
35 + if (setreuid(euid, uid))
39 + if (setreuid(-1, uid)) {
42 + if (setreuid(-1, uid))
48 static int change_gid(gid_t gid, gid_t *save)
50 +#ifdef HAVE_SYS_FSUID_H
51 gid_t tmp = setfsgid(gid);
54 return (gid_t) setfsgid(gid) == gid ? 0 : -1;
56 + gid_t egid = getegid();
57 + gid_t rgid = getgid();
61 + if (setregid(egid, gid))
65 + if (setregid(-1, gid)) {
68 + if (setregid(-1, gid))
75 static int cleanup(struct pam_modutil_privs *p)