On Fri, Jan 27, Jonathan DeSena wrote:

> I have a simple patch that works for me (see below), but perhaps there
> is a better way. I believe this issue should be resolved in the
> mainline, especially as auditing in Linux becomes more common.

The fix is wrong, you don't need setuid root permissions to read
/etc/shadow. You can solve the access problems with setgid or ACLs,
too. So it is impossible to implement a correct check without trying
to open the file.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/      kukuk@xxxxxxx
SUSE LINUX Products GmbH  Maxfeldstr. 5  D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
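The point of the reply, as an added example in C (not code from this thread or from Linux-PAM): an effective-UID test and an actual open() can disagree, because owner, group or ACL permissions can grant read access without root. The function names and the owner-only temp file standing in for a protected file are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The kind of check the reply rejects: assume only effective uid 0 can read. */
static int euid_says_readable(void)
{
    return geteuid() == 0;
}

/* Ask the kernel instead: 0 if the file opens for reading, else errno.
 * Owner, group, ACL and LSM decisions are all applied by open() itself.
 * Real code should keep and use the descriptor rather than re-open later. */
static int probe_readable(const char *path)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Constructed stand-in for a protected file: owner-read-only temp file. */
static int probe_owner_only_tempfile(void)
{
    char path[] = "/tmp/shadow-probe-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return errno;
    fchmod(fd, S_IRUSR);
    close(fd);
    int rc = probe_readable(path);
    unlink(path);
    return rc;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/etc/shadow";
    int rc = probe_readable(path);
    printf("euid check: %s\n", euid_says_readable() ? "readable" : "not readable");
    printf("open(%s): %s\n", path, rc ? strerror(rc) : "readable");
    return 0;
}
```

Run as an unprivileged user, the temp-file probe succeeds even though the euid check reports "not readable"; a setgid helper or an ACL on /etc/shadow produces the same disagreement.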