From 0af09206acbf3b9cde581088e4430f1e8dc3bf2e Mon Sep 17 00:00:00 2001
From: Yu Ke <ke.yu@intel.com>
Date: Mon, 28 Feb 2011 19:34:45 +0800
Subject: shadow: upgrade to 4.1.4.3 to fix security vulnerability

For CVE-2011-0721: http://lists.debian.org/debian-security-announce/2011/msg00030.html

Signed-off-by: Yu Ke <ke.yu@intel.com>
---
 meta/recipes-extended/shadow/files/pam.d/chsh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 meta/recipes-extended/shadow/files/pam.d/chsh

(limited to 'meta/recipes-extended/shadow/files/pam.d/chsh')

diff --git a/meta/recipes-extended/shadow/files/pam.d/chsh b/meta/recipes-extended/shadow/files/pam.d/chsh
new file mode 100644
index 0000000000..8fb169f64e
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/chsh
@@ -0,0 +1,19 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth       include      common-auth
+account    include      common-account
+session    include      common-session
-- 
cgit 1.2.3-korg