From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2) Gecko/20040308

Description of problem:
In the chfn & chsh programs (both root setuid), a call to pam_chauthtok is not checked for a successful return code. Execution continues as if it were successful.

Version-Release number of selected component (if applicable):
util-linux-2.12

How reproducible:
Always

Steps to Reproduce:
Bug found during code review.

Additional info:
I will attach a patch that fixes the bug. Not sure if this has security implications. Perhaps cron jobs for a recently expired acct?
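The class of bug reported above (a PAM result that is stored or dropped but never tested before a setuid program carries on) can be searched for during code review. The following is an added example, not code from the report or from util-linux: a heuristic Python scanner that goes beyond the reported case by also flagging discarded results. The C fragments, `update_entry`, and the `IGNORED` set are constructed assumptions.

```python
import re

# Calls whose result is routinely ignored (assumption of this example).
IGNORED = {"pam_end", "pam_strerror"}
CALL = re.compile(r'(?:\b(\w+)\s*=\s*)?\b(pam_\w+)\s*\(')
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"', re.S)

def blank(src):
    """Blank out comments and string literals, keeping line numbers stable."""
    return NOISE.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)

def unchecked_pam_calls(src):
    """Return (line, function, reason) for PAM calls whose result is dropped."""
    code, findings = blank(src), []
    for m in CALL.finditer(code):
        var, func = m.groups()
        if func in IGNORED:
            continue
        line = code.count('\n', 0, m.start(2)) + 1
        if var is None:
            # Bare call at the start of a statement: result thrown away.
            before = code[:m.start()].rstrip()
            if not before or before[-1] in ';{})' or before.endswith('else'):
                findings.append((line, func, 'result discarded'))
            continue
        # Result stored: it must be read before `var` is overwritten.
        rest = code[code.find(';', m.end()) + 1:]
        nxt = re.search(r'\b%s\s*=(?!=)' % re.escape(var), rest)
        window = rest[:nxt.start()] if nxt else rest
        if not re.search(r'\b%s\b' % re.escape(var), window):
            findings.append((line, func, 'result stored in %s but never read' % var))
    return findings

# Constructed C fragments modelled on the report, not the util-linux source.
BEFORE = '''
retcode = pam_acct_mgmt(pamh, 0);
if (retcode == PAM_NEW_AUTHTOK_REQD)
    retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
pam_setcred(pamh, 0);
pam_end(pamh, 0);
update_entry(pw);   /* privileged change proceeds regardless */
'''
AFTER = BEFORE.replace('pam_setcred(pamh, 0);',
    'if (retcode != PAM_SUCCESS) { pam_end(pamh, retcode); exit(1); }\n'
    'retcode = pam_setcred(pamh, 0);\n'
    'if (retcode != PAM_SUCCESS) { pam_end(pamh, retcode); exit(1); }')
if __name__ == '__main__':
    for name, src in (('before', BEFORE), ('after', AFTER)):
        print(name, unchecked_pam_calls(src))
```

The scanner works on text rather than a parsed AST, so it treats any later mention of the variable as a check; findings are leads for manual review, not proof.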
Created attachment 99098
Fixes pam return code checks

Please apply before fedora core2 final
Applied in CVS - thanks for the patch!
Thanks for including the patch...however you forgot to actually apply the patch. e.g. : --- util-linux.spec.orig 2004-05-12 09:52:53.000000000 -0400 +++ util-linux.spec 2004-05-12 09:53:29.000000000 -0400 @@ -247,6 +247,8 @@ %patch1040 -p1 -b .nfsmount %patch1001 -p1 -b .nfssloppy +%patch145 -p1 -b .pam + %build unset LINGUAS || :
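Review bot: the new `%patch145 -p1 -b .pam` line in `%prep` needs a matching `Patch145:` source tag in the spec header, which this hunk does not show; confirm it is declared, otherwise the build stops at `%prep`. The line is also placed after `%patch1040` and `%patch1001` although its number is lower, so check that it applies cleanly on top of the `.nfsmount` and `.nfssloppy` changes, or move it up to keep the patches in numeric order.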
This is in CVS currently.