File pam_namespace-secure_opendir-do-not-look-at-the-grou.patch of Package pam.38820

Adapted from commit:

From 2c978bab94a0a62e5b8bc0d52a777dca394d90cb Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Tue, 27 May 2025 08:00:00 +0000
Subject: [PATCH 3/3] pam_namespace: secure_opendir: do not look at the group
 ownership

When the directory is not group-writable, the group ownership does
not matter, and when it is group-writable, there should not be any
exceptions for the root group as there is no guarantee that the root
group does not include non-root users.

Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
Index: Linux-PAM-1.3.0/modules/pam_namespace/pam_namespace.c
===================================================================
--- Linux-PAM-1.3.0.orig/modules/pam_namespace/pam_namespace.c
+++ Linux-PAM-1.3.0/modules/pam_namespace/pam_namespace.c
@@ -1139,8 +1139,7 @@ static int secure_opendir(const char *pa
 			if (dfd_next == -1)
 				goto error;
 		} else if (st.st_uid != 0
-				|| (st.st_gid != 0 && (st.st_mode & S_IWGRP))
-				|| (st.st_mode & S_IWOTH)) {
+				|| (st.st_mode & (S_IWGRP|S_IWOTH))) {
 			/* do not follow symlinks on subdirectories */
 			flags |= O_NOFOLLOW;
 		}
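Review bot: the rewritten condition is strictly more conservative than the one it replaces (dropping the `st.st_gid != 0 &&` guard can only add `O_NOFOLLOW`, never remove it), so there is no regression for directories that were already treated as untrusted; what the hunk loses is the self-explanatory shape of the old expression, so the comment `/* do not follow symlinks on subdirectories */` should also carry the rationale given in the commit message, e.g. "group- or world-writable directories are untrusted regardless of owner group", otherwise a later reader may reintroduce a root-group exception. It is also worth stating in the commit message that a group-writable root-group directory containing symlinked subdirectories will now fail to open under `O_NOFOLLOW`, since that is the one observable behaviour change for existing deployments.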