pam_rundir: remove patch
setting SECBIT_NO_SETUID_FIXUP in a pam module is a bad idea: https://github.com/void-linux/void-packages/issues/4417
This commit is contained in:
parent
471ef89448
commit
a2f1445f43
2 changed files with 2 additions and 23 deletions
|
@ -1,21 +0,0 @@
|
||||||
--- pam_rundir.c
|
|
||||||
+++ pam_rundir.c
|
|
||||||
@@ -24,6 +24,8 @@
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/stat.h>
|
|
||||||
#include <sys/file.h>
|
|
||||||
+#include <sys/prctl.h>
|
|
||||||
+#include <linux/securebits.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <pwd.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
@@ -396,6 +398,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* to bypass permission checks for mkdir, in case it isn't group
|
|
||||||
+ * writable */
|
|
||||||
+ prctl (PR_SET_SECUREBITS, SECBIT_NO_SETUID_FIXUP);
|
|
||||||
/* set euid so if we do create the dir, it is own by the user */
|
|
||||||
if (seteuid (pw->pw_uid) < 0)
|
|
||||||
{
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'pam_rundir-1.0.0'
|
# Template file for 'pam_rundir'
|
||||||
pkgname=pam_rundir
|
pkgname=pam_rundir
|
||||||
version=1.0.0
|
version=1.0.0
|
||||||
revision=2
|
revision=3
|
||||||
build_style=configure
|
build_style=configure
|
||||||
configure_args="--prefix=/usr --with-parentdir=/run/user"
|
configure_args="--prefix=/usr --with-parentdir=/run/user"
|
||||||
makedepends="pam-devel"
|
makedepends="pam-devel"
|
||||||
|
|
Loading…
Reference in a new issue