From: Dave Reisner Date: Mon, 16 Dec 2019 19:11:23 +0000 (-0500) Subject: Don't auto-enable ACCT_TOOLS_SETUID if PAM is detected X-Git-Tag: 4.8.1~16^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F199%2Fhead;p=thirdparty%2Fshadow.git Don't auto-enable ACCT_TOOLS_SETUID if PAM is detected Here's a sad story: * 70971457 is merged into shadow, allowing newgidmap/newuidmap to be installed with file caps rather than setuid. * https://bugs.archlinux.org/task/63248 is filed to take advantage of this. * The arch maintainer of the 'shadow' package notices that this doesn't work, and submits a pull request to fix this in shadow. * edf7547ad5 is merged, fixing the post install hooks. The problem here is that distros have been building shadow with PAM for O(years), but the install hooks have silently failed due to the combination of the directory mismatch (suidubins vs suidsbins) and later success with setuid'ing newgidmap/newuidmap. With the install hooks fixed, those of us (Arch[1] and Gentoo[2] so far) who never built shadow explicitly with --enable-account-tools-setuid are now getting setuid account tools, and don't have PAM configuration suitable for use with setuid account management tools. It's entirely unclear to me why you'd want this, but I assume there's some reason out there for it existing. Regardless, setuid binaries are dangerous and shouldn't be enabled by default without good reason. [1] https://bugs.archlinux.org/task/64836 [2] https://bugs.gentoo.org/702252 --- diff --git a/configure.ac b/configure.ac index e3ed3b431..d6e2bfbd8 100644 --- a/configure.ac +++ b/configure.ac @@ -226,7 +226,7 @@ AC_ARG_ENABLE(account-tools-setuid, *) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid) ;; esac], - [enable_acct_tools_setuid="maybe"] + [enable_acct_tools_setuid="no"] ) AC_ARG_ENABLE(utmpx,