From 5ba026718403bc4c8f2f41a7a54822a9c0289b33 Mon Sep 17 00:00:00 2001
From: "Jared H.Hudson"
Date: Wed, 3 Apr 2002 22:25:21 +0000
Subject: Quick fix for PAM bug where services that use pam_pwdb are exploitable if you try to log as a user 4 time with the same wrong password, and on the 5th time you enter the correct user password, you will be placed without a HOME directory and as uid 0. Currently only telnet and console login seem to be affected. Since both use the login pam file which uses system-auth, system-auth has been updated to use pam_unix instead of pam_pwdb.
---
sys-apps/shadow/files/digest-shadow-4.0.2-r2 | 1 +
sys-apps/shadow/files/pam.d/system-auth | 8 ++++----
2 files changed, 5 insertions(+), 4 deletions(-)
create mode 100644 sys-apps/shadow/files/digest-shadow-4.0.2-r2
(limited to 'sys-apps/shadow/files')
diff --git a/sys-apps/shadow/files/digest-shadow-4.0.2-r2 b/sys-apps/shadow/files/digest-shadow-4.0.2-r2
new file mode 100644
index 000000000000..cd747a96a934
--- /dev/null
+++ b/sys-apps/shadow/files/digest-shadow-4.0.2-r2
@@ -0,0 +1 @@
+MD5 5a98215dd9ee6511cbc2c898898d3c14 shadow-4.0.2.tar.gz 966765
diff --git a/sys-apps/shadow/files/pam.d/system-auth b/sys-apps/shadow/files/pam.d/system-auth
index 7fdf7b660894..795f0fe723f0 100644
--- a/sys-apps/shadow/files/pam.d/system-auth
+++ b/sys-apps/shadow/files/pam.d/system-auth
@@ -1,14 +1,14 @@
 #%PAM-1.0
 auth required /lib/security/pam_env.so
-auth sufficient /lib/security/pam_pwdb.so likeauth nullok
+auth sufficient /lib/security/pam_unix.so likeauth nullok
 auth required /lib/security/pam_deny.so
-account required /lib/security/pam_pwdb.so
+account required /lib/security/pam_unix.so
 password required /lib/security/pam_cracklib.so retry=3
-password sufficient /lib/security/pam_pwdb.so nullok md5 shadow use_authtok
+password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
 password required /lib/security/pam_deny.so
 session required /lib/security/pam_limits.so
-session required /lib/security/pam_pwdb.so
+session required /lib/security/pam_unix.so
-- 
cgit v1.2.3-65-gdbad
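Review bot: The rewritten `auth` line carries `nullok` over from the pam_pwdb version, so an account whose password field is empty still authenticates through every service that includes system-auth, which by the commit message covers telnet and console login. Since the line is being touched for a security fix anyway, consider `auth sufficient /lib/security/pam_unix.so likeauth` here, keeping `nullok` only on the `password` line if changing away from an empty password has to stay possible. The file also gives no reason for the module swap; a comment such as `# pam_unix is used instead of pam_pwdb on purpose; see the shadow-4.0.2-r2 commit log` above the `auth` stack would keep a later edit from switching it back. Service files that name pam_pwdb directly are not visible in this hunk and would presumably need the same replacement.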