shadow: reduce the number of suid programs #17580

Merged
merged 1 commit into from Dec 18, 2019

@Duncaen Duncaen commented Dec 17, 2019

The defaults for which programs contained in shadow have the setuid bit
have changed in version 4.7; when using PAM, most of those tools don't
need setuid bits, so explicitly disable them.

References:
* shadow-maint/shadow#199
* https://bugs.archlinux.org/task/64836
* https://bugs.gentoo.org/702252

@falconindy commented

To be clear -- it's not that the defaults have changed, it's that I fixed the build system such that these are actually setuid now. The intention was always that these tools were setuid when --enable-account-tools-setuid, but the install hook has historically failed (guessing, probably for a decade+) to do this because of a directory mismatch.

It's a damn shame that the setuid becomes implicitly on when shadow is built with PAM.
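A check for the condition discussed in this thread, added here as an example and not part of the pull request or of shadow itself: it reports which account tools in the given directories still carry a setuid or setgid bit. The tool list in `ACCT_TOOLS` and the function name `audit_setuid` are assumptions; substitute the file list of the shadow package on the system being checked.

```shell
#!/bin/sh
# Names to audit. Assumed list of shadow account tools; replace it with the
# file list of the shadow package installed on the system being checked.
ACCT_TOOLS="chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod"

# audit_setuid DIR...
# Prints "setuid <path>" or "setgid <path>" for every audited tool that still
# carries the bit. Returns 0 when none do, 1 otherwise, so it can gate a
# packaging check or a configuration-management run.
# Example call (paths are an assumption): audit_setuid /usr/bin /usr/sbin
audit_setuid() {
    found=0
    for dir in "$@"; do
        for tool in $ACCT_TOOLS; do
            path="$dir/$tool"
            # Skip tools this package does not install in this directory.
            [ -f "$path" ] || continue
            if [ -u "$path" ]; then
                echo "setuid $path"
                found=1
            fi
            if [ -g "$path" ]; then
                echo "setgid $path"
                found=1
            fi
        done
    done
    return "$found"
}
```

Running it before and after a shadow upgrade shows whether a rebuilt package changed the mode bits of these tools.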

@Duncaen Duncaen merged commit e095c78 into void-linux:master Dec 18, 2019
@Duncaen Duncaen deleted the shadow branch June 13, 2021 20:08
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 12, 2021