Date: Thu, 22 Aug 2024 11:04:39 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 280995] [PATCH] pwdbopen: don't check effective UID Message-ID: <bug-280995-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280995 Bug ID: 280995 Summary: [PATCH] pwdbopen: don't check effective UID Product: Base System Version: 14.1-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: misc Assignee: bugs@FreeBSD.org Reporter: me@levitati.ng Currently if pwdbopen detects that the running user is not privileged the unprivileged passwd database is used. However it can be useful for non-privileged processes to be able to retrieve encrypted passwords. This patch for instance makes the pam_unix.so PAM module work, as long as t= he process has read access to /etc/spwd.db. diff --git a/lib/libc/gen/getpwent.c b/lib/libc/gen/getpwent.c index 1cbf97e7eb5..cdaa27ea539 100644 --- a/lib/libc/gen/getpwent.c +++ b/lib/libc/gen/getpwent.c @@ -722,8 +722,7 @@ pwdbopen(int *version) DBT key, entry; int rv; - if (geteuid() !=3D 0 || - (res =3D dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) =3D= =3D NULL) + if ((res =3D dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) =3D= =3D NULL) res =3D dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL); if (res =3D=3D NULL) return (NULL); --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280995-227>