libpam: Setting suid bit for unix_chkpwd

[YOCTO #1252]

While pam_unix.so required by an application on lsb image, it will need to
call the unix_chkpwd to get userinfo from shadow file. This fix get a normal
user could read shadow file via unix_chkpwd.

(From OE-Core rev: c23a3cd68385563a16d5bbc899e26f35cdc6c2cf)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 7 insertions, 1 deletions

diff --git a/meta/recipes-extended/pam/libpam_1.1.4.bb b/meta/recipes-extended/pam/libpam_1.1.4.bb
index ae20a9783a..d6f95b198f 100644
--- a/meta/recipes-extended/pam/libpam_1.1.4.bb
+++ b/meta/recipes-extended/pam/libpam_1.1.4.bb
@@ -9,7 +9,7 @@ SECTION = "base"
 LICENSE = "GPLv2+ | BSD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=ca0395de9a86191a078b8b79302e3083"
 
-PR = "r1"
+PR = "r2"
 
 DEPENDS = "bison flex cracklib"
 RDEPENDS_${PN}-runtime = "libpam pam-plugin-deny pam-plugin-permit pam-plugin-warn pam-plugin-unix"
@@ -85,3 +85,9 @@ do_install() {
         install -d ${D}${sysconfdir}/pam.d/     
         install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
 }
+
+pkg_postinst_pam-plugin-unix () {
+    # below is necessary to allow unix_chkpwd get user info from shadow file
+    # on lsb images
+    chmod 4755 ${sbindir}/unix_chkpwd
+}