40 lines
1.1 KiB
Diff
40 lines
1.1 KiB
Diff
--- pam_rundir.c 2015-09-23 12:57:53.000000000 -0400
|
|
+++ pam_rundir2.c 2019-08-24 13:17:11.241470935 -0400
|
|
@@ -24,6 +24,8 @@
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/file.h>
|
|
+#include <sys/prctl.h>
|
|
+#include <linux/securebits.h>
|
|
#include <string.h>
|
|
#include <pwd.h>
|
|
#include <fcntl.h>
|
|
@@ -360,6 +362,7 @@
|
|
char file[sizeof (PARENT_DIR) + l + 2];
|
|
int fd;
|
|
int count = 0;
|
|
+ int secbits = -1;
|
|
|
|
print_filename (file, (int) pw->pw_uid, l);
|
|
fd = open_and_lock (file);
|
|
@@ -396,6 +399,11 @@
|
|
goto done;
|
|
}
|
|
|
|
+ /* to bypass permission checks for mkdir, in case it isn't group
|
|
+ * writable */
|
|
+ secbits = prctl (PR_GET_SECUREBITS);
|
|
+ if (secbits != -1)
|
|
+ prctl (PR_SET_SECUREBITS, (unsigned long) secbits | SECBIT_NO_SETUID_FIXUP);
|
|
/* set euid so if we do create the dir, it is own by the user */
|
|
if (seteuid (pw->pw_uid) < 0)
|
|
{
|
|
@@ -421,6 +429,8 @@
|
|
}
|
|
|
|
done:
|
|
+ if (secbits != -1)
|
|
+ prctl (PR_SET_SECUREBITS, (unsigned long) secbits);
|
|
close (fd); /* also unlocks */
|
|
}
|
|
|