Merge pull request #4 from xnox/master

Make shadow more robust in hostile environments
2015-11-12 23:07:29 -06:00
parent 4c4896f0d5 bab349b46e
commit e01bad7d3c
30 changed files with 141 additions and 87 deletions
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -968,11 +968,10 @@ int commonio_close (struct commonio_db *db)
 	} else {
 		/*
 		 * Default permissions for new [g]shadow files.
-		 * (passwd and group always exist...)
 		 */
-		sb.st_mode = 0400;
-		sb.st_uid = 0;
-		sb.st_gid = 0;
+		sb.st_mode = db->st_mode;
+		sb.st_uid = db->st_uid;
+		sb.st_gid = db->st_gid;
 	}

 	snprintf (buf, sizeof buf, "%s+", db->filename);