flatcar-scripts

mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 10:27:00 +02:00

image build and composition scripts for Flatcar Container Linux

Go to file

Krzesimir Nowak a0156ce756 sys-libs/pam: Make /sbin/unix_chkpwd suid This is to avoid importing fcaps eclass which adds a dependency on sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of this conundrum, we could specify a "-filecaps" use flag for sys-libs/pam. Problem with this solution would be no capability override for the binary making it unable to read /etc/shadow. Thus we make the binary suid. This is strictly less secure than overriding its capabilities, but I have no idea how to solve it in a less hacky way.	2020-12-08 18:40:03 +01:00
sdk_container/src/third_party/coreos-overlay	sys-libs/pam: Make /sbin/unix_chkpwd suid	2020-12-08 18:40:03 +01:00

Krzesimir Nowak a0156ce756 sys-libs/pam: Make /sbin/unix_chkpwd suid

This is to avoid importing fcaps eclass which adds a dependency on
sys-libs/libcap, which in turn depends on sys-libs/pam. To get out of
this conundrum, we could specify a "-filecaps" use flag for
sys-libs/pam. Problem with this solution would be no capability
override for the binary making it unable to read /etc/shadow. Thus we
make the binary suid. This is strictly less secure than overriding its
capabilities, but I have no idea how to solve it in a less hacky way.

2020-12-08 18:40:03 +01:00

sdk_container/src/third_party/coreos-overlay

sys-libs/pam: Make /sbin/unix_chkpwd suid

2020-12-08 18:40:03 +01:00