mirror of
https://abf.rosa.ru/djam/mariadb.git
synced 2025-02-23 14:42:48 +00:00
21 lines
858 B
Diff
21 lines
858 B
Diff
SUSE specific patch that hardens the auth_pam_tool setuid-root binary.
|
|
Matthias Gerstner wants it as a prerequisite for allowing auth_pam_tool
|
|
setuid-root binary in [bsc#1160285].
|
|
|
|
diff --git a/plugin/auth_pam/auth_pam_base.c b/plugin/auth_pam/auth_pam_base.c
|
|
index 1e8f4a08..3a2bccbc 100644
|
|
--- a/plugin/auth_pam/auth_pam_base.c
|
|
+++ b/plugin/auth_pam/auth_pam_base.c
|
|
@@ -150,6 +150,12 @@ static int pam_auth_base(struct param *param, MYSQL_SERVER_AUTH_INFO *info)
|
|
const char *service = info->auth_string && info->auth_string[0]
|
|
? info->auth_string : "mysql";
|
|
|
|
+ if( strcmp(service, "mysql") != 0 )
|
|
+ {
|
|
+ PAM_DEBUG((stderr, "PAM: rejecting non-standard PAM service %s\n", service));
|
|
+ return CR_ERROR;
|
|
+ }
|
|
+
|
|
param->ptr = param->buf + 1;
|
|
|
|
PAM_DEBUG((stderr, "PAM: pam_start(%s, %s)\n", service, info->user_name));
|