1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From: Jorge Rocha Gualtieri <jorge@jrg.com.br>
Date: Wed, 11 Oct 2023 11:43:20 +0200
Subject: Runs PAM_REINITIALIZE_CRED after fork to apply correct rights to
child process.
Last-Update: 2021-03-01
Bug-Debian: https://bugs.debian.org/983817
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1917350
The feature provided by this patch is tested with the script
debian/tests/check-messages-sent-by-cron (second part of the script)
---
do_command.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/do_command.c b/do_command.c
index b649c61..f3c37f8 100644
--- a/do_command.c
+++ b/do_command.c
@@ -231,6 +231,12 @@ child_process(e, u)
exit(ERROR_EXIT);
}
# endif
+
+#if defined(USE_PAM)
+ if (pamh != NULL) {
+ pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT);
+ }
+#endif
if (setuid(e->uid) !=0) { /* we aren't root after this... */
char msg[256];
snprintf(msg, 256, "do_command:setuid(%lu) failed: %s",
|
