Last parts of the Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:

 * src/chage.c: Make chage -l also drop the saved GID.
 * src/chage.c: Prefer setregid/setreuid to setgid/setuid.

diff --git a/ChangeLog b/ChangeLog
index ea37fafc2e7abdac571703ca858e573fde2267b4..5904b5483d9aaa9f613a9523560227ef158b2f38 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,12 @@
 2007-11-17  Nicolas François  <nicolas.francois@centraliens.net>
 
+       Fixes from Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:
        * src/chage.c: Remove cleanup(). pw_lock is never called. Replace
        cleanup(2) by spw_unlock and remove the calls to cleanup(1).
        * src/chage.c: Remove variable pwrw. It is always set to 0. The
        password database is always read only.
+       * src/chage.c: Make chage -l also drop the saved GID.
+       * src/chage.c: Prefer setregid/setreuid to setgid/setuid.
 
 2007-11-17  Nicolas François  <nicolas.francois@centraliens.net>
 

diff --git a/src/chage.c b/src/chage.c
index cd3e185fe0df561b341e5c18f7a93a444ebd5189..99791c8b8539ef72f33a759476d14671a3be0dea 100644 (file)
--- a/src/chage.c
+++ b/src/chage.c
@@ -322,6 +322,7 @@ int main (int argc, char **argv)
        const struct spwd *sp;
        struct spwd spwd;
        uid_t ruid;
+       gid_t rgid;
        int amroot;
        const struct passwd *pw;
        struct passwd pwent;
@@ -342,6 +343,7 @@ int main (int argc, char **argv)
        textdomain (PACKAGE);
 
        ruid = getuid ();
+       rgid = getgid ();
        amroot = (ruid == 0);
 #ifdef WITH_SELINUX
        if (amroot && is_selinux_enabled () > 0)
@@ -547,7 +549,7 @@ int main (int argc, char **argv)
                exit (E_NOPERM);
        }
 
-       if (lflg && (setgid (getgid ()) || setuid (ruid))) {
+       if (lflg && (setregid (rgid, rgid) || setreuid (ruid, ruid))) {
                fprintf (stderr, _("%s: failed to drop privileges (%s)\n"),
                         Prog, strerror (errno));
 #ifdef WITH_AUDIT