commit:     048e077ddc9a2c4e607da1f61d19ceffcf7f9ada
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  1 20:20:24 2025 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Oct  1 20:43:07 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=048e077d

sys-libs/pam: give unix_chkpwd CAP_DAC_READ_SEARCH

CAP_DAC_OVERRIDE is overkill; we only need read access to /etc/shadow.

Closes: https://bugs.gentoo.org/963110
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-libs/pam/{pam-1.7.1.ebuild => pam-1.7.1-r1.ebuild} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-libs/pam/pam-1.7.1.ebuild b/sys-libs/pam/pam-1.7.1-r1.ebuild
similarity index 99%
rename from sys-libs/pam/pam-1.7.1.ebuild
rename to sys-libs/pam/pam-1.7.1-r1.ebuild
index e8ad131b262c..d580d7da9dff 100644
--- a/sys-libs/pam/pam-1.7.1.ebuild
+++ b/sys-libs/pam/pam-1.7.1-r1.ebuild
@@ -187,5 +187,5 @@ pkg_postinst() {
 
        # The pam_unix module needs to check the password of the user which 
requires
        # read access to /etc/shadow only.
-       fcaps -m u+s cap_dac_override sbin/unix_chkpwd
+       fcaps -m u+s cap_dac_read_search sbin/unix_chkpwd
 }
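Review bot: the `-m u+s` fallback on the changed fcaps line in pkg_postinst is left as it was, so on systems where file capabilities cannot be applied unix_chkpwd still ends up setuid root and the narrowing from cap_dac_override to cap_dac_read_search has no effect there. It would help to say so in the comment above the call. That comment also reads "read access to /etc/shadow only", but cap_dac_read_search bypasses read permission checks on any file and read/search checks on any directory. Consider rewording it to say this is the narrowest capability that covers reading /etc/shadow, not a grant scoped to that one file.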
