Package: libpam-modules
Version: 0.79-3.1
Severity: wishlist
Tags: patch

(cf #155583 "does unix_chkpwd have to be SUID root?")

What is a "r-sr-xr-x root:root" binary protected against that a "rwsr-xr-x root:root" binary like su or passwd isn't? ISTM that the "install -m 4555"s in the pam Makefiles would make more sense as "install -m 4755"s.

In principle there's a SHOULD for this in Debian Policy 10.9, but I'm leaving the severity at "wishlist" - the missing owner-writeable bit isn't doing any harm, it's just untidy.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i586)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.xamanek
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages libpam-modules depends on:
ii  libc6        2.3.6-7     GNU C Library: Shared libraries
ii  libcap1      1:1.10-14   support for getting/setting POSIX.
ii  libdb4.3     4.3.29-4.1  Berkeley v4.3 Database Libraries [
ii  libpam0g     0.79-3.1    Pluggable Authentication Modules l
ii  libselinux1  1.30-1      SELinux shared libraries

libpam-modules recommends no packages.

-- no debconf information

--
JBR
Ankh kak! (Ancient Egyptian blessing)

diff -ru pam-0.79.pristine/Linux-PAM/examples/Makefile pam-0.79/Linux-PAM/examples/Makefile --- pam-0.79.pristine/Linux-PAM/examples/Makefile 2006-05-19 14:39:26.000000000 +0100 +++ pam-0.79/Linux-PAM/examples/Makefile 2006-05-19 15:10:14.000000000 +0100 @@ -47,7 +47,7 @@ install: all if [ -n "$(PROGS)" ]; then cp $(PROGS) ../bin ; fi if [ -n "$(PROGSUID)" ]; then \ - $(INSTALL) -m 4555 $(PROGSUID) ../bin ; fi + $(INSTALL) -m 4755 $(PROGSUID) ../bin ; fi remove: cd ../bin ; rm -f $(PROGS) $(PROGSUID) diff -ru pam-0.79.pristine/Linux-PAM/modules/pam_pwdb/Makefile pam-0.79/Linux-PAM/modules/pam_pwdb/Makefile --- pam-0.79.pristine/Linux-PAM/modules/pam_pwdb/Makefile 2006-05-19 14:39:26.000000000 +0100 +++ pam-0.79/Linux-PAM/modules/pam_pwdb/Makefile 2006-05-19 15:10:18.000000000 +0100 @@ -109,7 +109,7 @@ $(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR) endif $(MKDIR) $(FAKEROOT)$(SUPLEMENTED) - $(INSTALL) -m 4555 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED) + $(INSTALL) -m 4755 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED) remove: rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so diff -ru pam-0.79.pristine/Linux-PAM/modules/pam_unix/Makefile pam-0.79/Linux-PAM/modules/pam_unix/Makefile --- pam-0.79.pristine/Linux-PAM/modules/pam_unix/Makefile 2006-05-19 14:39:26.000000000 +0100 +++ pam-0.79/Linux-PAM/modules/pam_unix/Makefile 2006-05-19 15:10:26.000000000 +0100 @@ -173,7 +173,7 @@ do ln -sf $(LIBSHARED) $(FAKEROOT)$(SECUREDIR)/$$x.so ; done endif $(MKDIR) $(FAKEROOT)$(SUPLEMENTED) - install -m 4555 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED) + install -m 4755 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED) remove: rm -f $(FAKEROOT)$(SECUREDIR)/$(LIBSHARED)
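
Review bot: in the examples/Makefile hunk, the `$(INSTALL) -m 4755 $(PROGSUID) ../bin` line sets the mode but passes no `-o`/`-g`, so the added owner-write bit goes to whichever account runs the install. The comparison with su and passwd in the report assumes root:root ownership. Either state in the commit message that this target is expected to run as root (or under a fake-root wrapper), or set the owner explicitly on this line.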
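
Review bot: in the pam_pwdb/Makefile hunk, the setuid mode stays a bare literal on the `$(CHKPWD)` line even though the context line just above it already takes its mode from a variable (`$(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) ...`). The same literal had to be edited in three Makefiles for this change. Consider introducing one mode variable for the setuid helper (the name is up to the maintainer) and using it in all three install lines, so the helper's permissions are defined and auditable in one place.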
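
Review bot: in the pam_unix/Makefile hunk, the changed line still calls bare `install -m 4755 $(CHKPWD) ...`, while the equivalent lines in the examples and pam_pwdb hunks go through `$(INSTALL)`. Since the line is being touched anyway, switch it to `$(INSTALL)` if that variable is defined for this Makefile, so the setuid helper is installed by the same tool and with the same options as everything else in the build.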