libpam: Setting suid bit for unix_chkpwd

[YOCTO #1252]

While pam_unix.so required by an application on lsb image, it will need to
call the unix_chkpwd to get userinfo from shadow file. This fix get a normal
user could read shadow file via unix_chkpwd.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>

diff --git a/meta/recipes-extended/pam/libpam_1.1.4.bb b/meta/recipes-extended/pam/libpam_1.1.4.bb
index ae20a9783a4d901738dc700af0e65abe5b6a5ab3..d6f95b198fa2881e1988e3276da7c94739f63b34 100644 (file)
--- a/meta/recipes-extended/pam/libpam_1.1.4.bb
+++ b/meta/recipes-extended/pam/libpam_1.1.4.bb
@@ -9,7 +9,7 @@ SECTION = "base"
 LICENSE = "GPLv2+ | BSD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=ca0395de9a86191a078b8b79302e3083"
 
-PR = "r1"
+PR = "r2"
 
 DEPENDS = "bison flex cracklib"
 RDEPENDS_${PN}-runtime = "libpam pam-plugin-deny pam-plugin-permit pam-plugin-warn pam-plugin-unix"
@@ -85,3 +85,9 @@ do_install() {
        install -d ${D}${sysconfdir}/pam.d/     
        install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
 }
+
+pkg_postinst_pam-plugin-unix () {
+    # below is necessary to allow unix_chkpwd get user info from shadow file
+    # on lsb images
+    chmod 4755 ${sbindir}/unix_chkpwd
+}