diff options
author | Michael Weiser <michael.weiser@gmx.de> | 2019-12-17 20:02:40 +0100 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2020-01-19 02:00:17 +0100 |
commit | c7da130a443ab9811b242ae2cbf8259cb85d43b1 (patch) | |
tree | 42f09954ad7d19f4e8111b01e0388645f8602559 /dev-python | |
parent | net-p2p/cpuminer-opt: Cleanup old versions (diff) | |
download | gentoo-c7da130a443ab9811b242ae2cbf8259cb85d43b1.tar.gz gentoo-c7da130a443ab9811b242ae2cbf8259cb85d43b1.tar.bz2 gentoo-c7da130a443ab9811b242ae2cbf8259cb85d43b1.zip |
sys-apps/shadow: Revbump to fix up PAM configuration
shadow includes a number of administrative account management binaries
like useradd, chage and chpasswd, traditionally only useable by root.
In shadow they can be compiled with PAM support and installed setuid.
PAM configuration can then be used to delegate account management to
users other than root.
The previous config contained the pam_rootok module to provide default
behaviour of allowing account management when called as root. But it
also contained pam_permit which would allow everyone else to also do
account management without any authentication.
To close this loophole we remove pam_permit from the config. Also,
chpasswd, chgpasswd and newusers are batch-mode mass-change tools meant
for scripting. They only contain PAM support if configure flag
--enable-account-tools-setuid is in effect and are then installed setuid
root. They should use the same restrictive PAM configuration as their
siblings. But with setuid user management tools and PAM support within
them disabled by commit f569e607 we can stop installing the
configuration files as well.
chfn and chsh are intended to be called by the user as self-service
tools. For this reason they're always installed setuid root and contain
PAM support. They should be allowed to work but maybe not without some
prior authentication to avoid attacks such as someone finding an
unlocked session and using chfn to redirect phone calls intended for the
user to himself. The existing passwd config seems perfect for that and
is aptly named in that both tools change user information normally
stored in /etc/passwd.
groupmems is another user self-service tool. It allows the user to add
people to their user-private group, allowing them trusted access to
normally private files. It is not installed setuid like chfn and chsh
but always contains PAM support. Upstream installs a locked down PAM
config by default.
Since default shell profiles on Gentoo do not change umask to 0002 when
a private user group is in use, impact will only be to allow read access
to those additional users by default.
Since the idea of adding more users to the user *private* group is
questionable, go with upstream's default of locking the PAM config down
so that an admin not only needs to make the binary suid but also adjust
the PAM config, in the process hopefully considering what they're doing.
Bug: https://bugs.gentoo.org/702252
Closes: https://github.com/gentoo/gentoo/pull/14032
Reviewed-by: Mikle Kolyada <zlogene@gentoo.org>
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'dev-python')
0 files changed, 0 insertions, 0 deletions