Package: libpam-modules
Version: 0.79-3.1
Severity: wishlist
Tags: patch
(cf #155583 "does unix_chkpwd have to be SUID root?")
What is a "r-sr-xr-x root:root" binary protected against that a
"rwsr-xr-x root:root" binary like su or passwd isn't? ISTM that the
"install -m 4555"s in the pam Makefiles would make more sense as
"install -m 4755"s.
In principle there's a SHOULD for this in Debian Policy 10.9, but
I'm leaving the severity at "wishlist" - the missing owner-writeable
bit isn't doing any harm, it's just untidy.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i586)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.xamanek
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Versions of packages libpam-modules depends on:
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libdb4.3 4.3.29-4.1 Berkeley v4.3 Database Libraries [
ii libpam0g 0.79-3.1 Pluggable Authentication Modules l
ii libselinux1 1.30-1 SELinux shared libraries
libpam-modules recommends no packages.
-- no debconf information
--
JBR
Ankh kak! (Ancient Egyptian blessing)
diff -ru pam-0.79.pristine/Linux-PAM/examples/Makefile
pam-0.79/Linux-PAM/examples/Makefile
--- pam-0.79.pristine/Linux-PAM/examples/Makefile 2006-05-19
14:39:26.000000000 +0100
+++ pam-0.79/Linux-PAM/examples/Makefile 2006-05-19 15:10:14.000000000
+0100
@@ -47,7 +47,7 @@
install: all
if [ -n "$(PROGS)" ]; then cp $(PROGS) ../bin ; fi
if [ -n "$(PROGSUID)" ]; then \
- $(INSTALL) -m 4555 $(PROGSUID) ../bin ; fi
+ $(INSTALL) -m 4755 $(PROGSUID) ../bin ; fi
remove:
cd ../bin ; rm -f $(PROGS) $(PROGSUID)
diff -ru pam-0.79.pristine/Linux-PAM/modules/pam_pwdb/Makefile
pam-0.79/Linux-PAM/modules/pam_pwdb/Makefile
--- pam-0.79.pristine/Linux-PAM/modules/pam_pwdb/Makefile 2006-05-19
14:39:26.000000000 +0100
+++ pam-0.79/Linux-PAM/modules/pam_pwdb/Makefile 2006-05-19
15:10:18.000000000 +0100
@@ -109,7 +109,7 @@
$(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR)
endif
$(MKDIR) $(FAKEROOT)$(SUPLEMENTED)
- $(INSTALL) -m 4555 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED)
+ $(INSTALL) -m 4755 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED)
remove:
rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so
diff -ru pam-0.79.pristine/Linux-PAM/modules/pam_unix/Makefile
pam-0.79/Linux-PAM/modules/pam_unix/Makefile
--- pam-0.79.pristine/Linux-PAM/modules/pam_unix/Makefile 2006-05-19
14:39:26.000000000 +0100
+++ pam-0.79/Linux-PAM/modules/pam_unix/Makefile 2006-05-19
15:10:26.000000000 +0100
@@ -173,7 +173,7 @@
do ln -sf $(LIBSHARED) $(FAKEROOT)$(SECUREDIR)/$$x.so ; done
endif
$(MKDIR) $(FAKEROOT)$(SUPLEMENTED)
- install -m 4555 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED)
+ install -m 4755 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED)
remove:
rm -f $(FAKEROOT)$(SECUREDIR)/$(LIBSHARED)
