[OE-core] [PATCH 1/1] libpam: Setting suid bit for unix_chkpwd
Scott Garman
scott.a.garman at intel.com
Mon Aug 22 02:30:26 UTC 2011
On 08/20/2011 09:05 AM, Khem Raj wrote:
> On 8/20/2011 12:58 AM, wenzong.fan at windriver.com wrote:
>> From: Wenzong Fan<wenzong.fan at windriver.com>
>>
>> [YOCTO #1252]
>>
>> While pam_unix.so required by an application on lsb image, it will
>> need to
>> call the unix_chkpwd to get userinfo from shadow file. This fix get a
>> normal
>> user could read shadow file via unix_chkpwd.
>>
>> Signed-off-by: Wenzong Fan<wenzong.fan at windriver.com>
>> ---
>> meta/recipes-extended/pam/libpam_1.1.4.bb | 8 +++++++-
>> 1 files changed, 7 insertions(+), 1 deletions(-)
>>
>> diff --git a/meta/recipes-extended/pam/libpam_1.1.4.bb
>> b/meta/recipes-extended/pam/libpam_1.1.4.bb
>> index ae20a97..ca54bd8 100644
>> --- a/meta/recipes-extended/pam/libpam_1.1.4.bb
>> +++ b/meta/recipes-extended/pam/libpam_1.1.4.bb
>> @@ -9,7 +9,7 @@ SECTION = "base"
>> LICENSE = "GPLv2+ | BSD"
>> LIC_FILES_CHKSUM = "file://COPYING;md5=ca0395de9a86191a078b8b79302e3083"
>>
>> -PR = "r1"
>> +PR = "r2"
>>
>> DEPENDS = "bison flex cracklib"
>> RDEPENDS_${PN}-runtime = "libpam pam-plugin-deny pam-plugin-permit
>> pam-plugin-warn pam-plugin-unix"
>> @@ -85,3 +85,9 @@ do_install() {
>> install -d ${D}${sysconfdir}/pam.d/
>> install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
>> }
>> +
>> +pkg_postinst_pam-plugin-unix () {
>> + # below is necessary to allow unix_chkpwd get user info from shadow
>> file
>> + # on lsb images
>> + chmod 4755 /usr/sbin/unix_chkpwd
>
> may be its better to use corresponding metadata variables instead of
> hardcoding /usr/sbin here
With Khem's recommended tweak:
Acked-by: Scott Garman <scott.a.garman at intel.com>
--
Scott Garman
Embedded Linux Engineer - Yocto Project
Intel Open Source Technology Center
More information about the Openembedded-core
mailing list