pam_rundir: remove patch

setting SECBIT_NO_SETUID_FIXUP in a pam module is a bad idea:
https://github.com/void-linux/void-packages/issues/4417
This commit is contained in:
Johannes 2018-11-11 14:39:21 +01:00 committed by Johannes
parent 471ef89448
commit a2f1445f43
2 changed files with 2 additions and 23 deletions

View file

@ -1,21 +0,0 @@
--- pam_rundir.c
+++ pam_rundir.c
@@ -24,6 +24,8 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/file.h>
+#include <sys/prctl.h>
+#include <linux/securebits.h>
#include <string.h>
#include <pwd.h>
#include <fcntl.h>
@@ -396,6 +398,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
goto done;
}
+ /* to bypass permission checks for mkdir, in case it isn't group
+ * writable */
+ prctl (PR_SET_SECUREBITS, SECBIT_NO_SETUID_FIXUP);
/* set euid so if we do create the dir, it is own by the user */
if (seteuid (pw->pw_uid) < 0)
{

View file

@ -1,7 +1,7 @@
# Template file for 'pam_rundir-1.0.0' # Template file for 'pam_rundir'
pkgname=pam_rundir pkgname=pam_rundir
version=1.0.0 version=1.0.0
revision=2 revision=3
build_style=configure build_style=configure
configure_args="--prefix=/usr --with-parentdir=/run/user" configure_args="--prefix=/usr --with-parentdir=/run/user"
makedepends="pam-devel" makedepends="pam-devel"