Red Hat Bugzilla – Bug 119986
Pam return code not checked
Last modified: 2007-11-30 17:10:39 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Description of problem:
In the chfn & chsh programs (both root setuid), a call to
pam_chauthtok is not checked for a successful return code. Execution
continues as if it were successful.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Bug found during code review.
I will attach a patch that fixes the bug. Not sure if this has
security implications. Perhaps cron jobs for a recently expired acct?
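Added example, not part of the report, attachment 99098, or the util-linux source: a simplified C model of the pattern described above, showing how dropping the result of the forced password change lets a setuid helper proceed. The `sim_*` functions, the `sim_account` struct and both `authorize_*` functions are hypothetical stand-ins for the libpam calls so the block runs without PAM installed.

```c
#include <stdio.h>

/* Constructed stand-ins for libpam so this runs without PAM installed.
 * Names echo libpam's return codes; the numeric values are arbitrary. */
enum { SIM_SUCCESS, SIM_NEW_AUTHTOK_REQD, SIM_AUTHTOK_ERR };

struct sim_account {      /* hypothetical account state */
    int expired;          /* account check demands a new password */
    int change_fails;     /* the password change will not succeed */
};

static int sim_acct_mgmt(const struct sim_account *a) {
    return a->expired ? SIM_NEW_AUTHTOK_REQD : SIM_SUCCESS;
}

static int sim_chauthtok(struct sim_account *a) {
    if (a->change_fails)
        return SIM_AUTHTOK_ERR;
    a->expired = 0;
    return SIM_SUCCESS;
}

/* Reported pattern: the change's result is dropped, so the caller
 * carries on to the privileged edit whatever happened. Returns 1 = proceed. */
int authorize_unchecked(struct sim_account *a) {
    int rc = sim_acct_mgmt(a);
    if (rc == SIM_NEW_AUTHTOK_REQD)
        (void)sim_chauthtok(a);
    else if (rc != SIM_SUCCESS)
        return 0;
    return 1;
}

/* Checked pattern: the change's result replaces rc and gates the edit. */
int authorize_checked(struct sim_account *a) {
    int rc = sim_acct_mgmt(a);
    if (rc == SIM_NEW_AUTHTOK_REQD)
        rc = sim_chauthtok(a);
    return rc == SIM_SUCCESS;
}

int main(void) {
    struct sim_account a = {1, 1}, b = {1, 1};
    printf("unchecked: %d\n", authorize_unchecked(&a));
    printf("checked:   %d\n", authorize_checked(&b));
    return 0;
}
```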
Created attachment 99098 [details]
Fixes pam return code checks
Please apply before Fedora Core 2 final.
Applied in CVS - thanks for the patch!
Thanks for including the patch... however, you forgot to actually apply
the patch, e.g.:
--- util-linux.spec.orig 2004-05-12 09:52:53.000000000 -0400
+++ util-linux.spec 2004-05-12 09:53:29.000000000 -0400
@@ -247,6 +247,8 @@
%patch1040 -p1 -b .nfsmount
%patch1001 -p1 -b .nfssloppy
+%patch145 -p1 -b .pam
unset LINGUAS || :
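Review bot: %patch145 lands after %patch1040 and %patch1001, out of numeric order with its neighbours in this hunk; unless the .pam change depends on the NFS patches, apply it alongside the other low-numbered patches so the order in %prep stays predictable. A one-line comment above it saying what it fixes (the unchecked pam_chauthtok return code in chfn and chsh, bug 119986) would make it harder to drop again, and the visible hunk carries no %changelog entry recording that the patch is now actually applied.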
This is in CVS currently.