[Bug 280995] [PATCH] pwdbopen: don't check effective UID

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 22 Aug 2024 11:04:39 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280995

            Bug ID: 280995
           Summary: [PATCH] pwdbopen: don't check effective UID
           Product: Base System
           Version: 14.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: me@levitati.ng

Currently, if pwdbopen detects that the running user is not privileged, the
unprivileged passwd database is used.
However, it can be useful for non-privileged processes to be able to retrieve
encrypted passwords.
This patch, for instance, makes the pam_unix.so PAM module work, as long as the
process has read access to /etc/spwd.db.


diff --git a/lib/libc/gen/getpwent.c b/lib/libc/gen/getpwent.c
index 1cbf97e7eb5..cdaa27ea539 100644
--- a/lib/libc/gen/getpwent.c
+++ b/lib/libc/gen/getpwent.c
@@ -722,8 +722,7 @@ pwdbopen(int *version)
        DBT      key, entry;
        int      rv;

-       if (geteuid() != 0 ||
-           (res = dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) == NULL)
+       if ((res = dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) == NULL)
                res = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL);
        if (res == NULL)
                return (NULL);
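
Review bot: With `geteuid() != 0` dropped from the `if` condition, which database pwdbopen() returns is decided only by whether `dbopen(_PATH_SMP_DB, ...)` succeeds, so access to the encrypted passwords now rests entirely on the file permissions of that database, and nothing in the code records that this is intended. Please add a comment above the `if` stating that the permissions on `_PATH_SMP_DB` are now the sole gate, and update the documentation for the getpw* interfaces accordingly, since any caller that happens to hold read access will start being served from the secure database where it previously got `_PATH_MP_DB`. Also note that every caller without read access now makes a failing open attempt on `_PATH_SMP_DB` before falling back; the commit message should say whether that extra failed open per pwdbopen() call is acceptable.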
