tag 155583 patch thanks In Ubuntu we now install unix_chkpwd with setgid shadow by default to eliminate this rather useless suid root program:
http://patches.ubuntu.com/patches/pam.unix_chkpwd-deroot.diff However, as mentioned in the bug trail, this would break nis, so we patched nis as well to change back the permissions of unix_chkpwd to setuid root while nis is installed: http://patches.ubuntu.com/patches/nis.unix_chkpwd-deroot.diff I talked to Scott James Remnant, and we agreed that using a statoverride is the least ugly way to achieve this. Of course this requires coordination between the nis and the pam maintainers, and the conflicts Ubuntu added need to be adapted accordingly. We use theses patches for several weeks now without any problems. Thanks for considering and have a nice day! Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org
signature.asc
Description: Digital signature
