author: Michael Weiser <michael.weiser@gmx.de> 2019-12-17 20:02:40 +0100
committer: Lars Wendler <polynomial-c@gentoo.org> 2020-01-19 02:00:17 +0100
commit: c7da130a443ab9811b242ae2cbf8259cb85d43b1
tree: 42f09954ad7d19f4e8111b01e0388645f8602559 /dev-python
parent: net-p2p/cpuminer-opt: Cleanup old versions
sys-apps/shadow: Revbump to fix up PAM configuration
shadow includes a number of administrative account management binaries like useradd, chage and chpasswd, traditionally only useable by root. In shadow they can be compiled with PAM support and installed setuid. PAM configuration can then be used to delegate account management to users other than root.

The previous config contained the pam_rootok module to provide default behaviour of allowing account management when called as root. But it also contained pam_permit which would allow everyone else to also do account management without any authentication. To close this loophole we remove pam_permit from the config.

Also, chpasswd, chgpasswd and newusers are batch-mode mass-change tools meant for scripting. They only contain PAM support if configure flag --enable-account-tools-setuid is in effect and are then installed setuid root. They should use the same restrictive PAM configuration as their siblings. But with setuid user management tools and PAM support within them disabled by commit f569e607 we can stop installing the configuration files as well.

chfn and chsh are intended to be called by the user as self-service tools. For this reason they're always installed setuid root and contain PAM support. They should be allowed to work but maybe not without some prior authentication to avoid attacks such as someone finding an unlocked session and using chfn to redirect phone calls intended for the user to himself. The existing passwd config seems perfect for that and is aptly named in that both tools change user information normally stored in /etc/passwd.

groupmems is another user self-service tool. It allows the user to add people to their user-private group, allowing them trusted access to normally private files. It is not installed setuid like chfn and chsh but always contains PAM support. Upstream installs a locked down PAM config by default.

Since default shell profiles on Gentoo do not change umask to 0002 when a private user group is in use, impact will only be to allow read access to those additional users by default. Since the idea of adding more users to the user *private* group is questionable, go with upstream's default of locking the PAM config down so that an admin not only needs to make the binary suid but also adjust the PAM config, in the process hopefully considering what they're doing.

Bug: https://bugs.gentoo.org/702252
Closes: https://github.com/gentoo/gentoo/pull/14032
Reviewed-by: Mikle Kolyada <zlogene@gentoo.org>
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'dev-python')
0 files changed, 0 insertions, 0 deletions
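
An added example, not part of this commit or of the shadow or Gentoo sources: a simplified model of how Linux-PAM walks an auth stack, used to check whether a service file lets a non-root caller through without credentials. The sample configs are constructed from the commit message's description (pam_rootok followed by pam_permit, then pam_permit removed), and the function name and the assumption that every unlisted module demands real authentication are mine.

```python
# Simplified model of a Linux-PAM "auth" stack (added example).
# Outcome of each module for a non-root caller who supplies no credentials.
# Assumption: any module not listed demands real authentication and fails.
OUTCOME = {"pam_rootok.so": False, "pam_permit.so": True, "pam_deny.so": False}

def nonroot_passes_unauthenticated(config_text):
    """True/False: does the auth stack succeed? None: cannot decide offline."""
    failed = False      # a required module has failed (sticky)
    positive = False    # at least one module reported success
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 3 or fields[0].lstrip("-") != "auth":
            continue                            # only the auth stack matters
        control, module = fields[1], fields[2].rsplit("/", 1)[-1]
        ok = OUTCOME.get(module, False)
        if control == "sufficient":
            if ok and not failed:
                return True                     # success ends the stack
        elif control == "requisite":
            if not ok:
                return False                    # failure ends the stack
            positive = True
        elif control in ("required", "optional"):
            if ok:
                positive = True
            elif control == "required":
                failed = True                   # optional failures are ignored
        else:
            return None     # include, substack, [value=action]: needs more files
    return positive and not failed

# Constructed samples, not copied from the ebuild's files.
BEFORE = """\
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_permit.so
account    include      system-auth
"""
AFTER = """\
#%PAM-1.0
auth       sufficient   pam_rootok.so
account    include      system-auth
"""
SELF_SERVICE = "auth       include      system-auth\n"

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER),
                      ("self-service", SELF_SERVICE)):
        print(name, nonroot_passes_unauthenticated(cfg))
```

A result of None means the stack delegates to another file, which has to be evaluated as well before the service can be judged.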