File 0002_soften_authfile_permission_check.patch of Package pam_u2f.37259
diff --color -ruN pam_u2f-1.2.0-middle/util.c pam_u2f-1.2.0-patched/util.c
--- pam_u2f-1.2.0-middle/util.c 2025-01-21 15:53:13.604782338 +0100
+++ pam_u2f-1.2.0-patched/util.c 2025-01-21 15:52:17.510628891 +0100
@@ -6,6 +6,7 @@
#include <fido/es256.h>
#include <fido/rs256.h>
#include <fido/eddsa.h>
+#include <syslog.h>
#include <openssl/ec.h>
#include <openssl/obj_mac.h>
@@ -836,8 +837,18 @@
if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
if (cfg->debug)
- D(cfg->debug_file, "File %s has insecure permissions", cfg->auth_file);
- goto err;
+ D(cfg->debug_file, "Permissions %04o for '%s' are too open. Please change the "
+ "file mode bits to 0644 or more restrictive. This may become "
+ "an error in the future!",
+ (unsigned int) st.st_mode & 0777, cfg->auth_file);
+#ifndef WITH_FUZZING
+ /* XXX: force a message to syslog, regardless of the debug level */
+ syslog(LOG_AUTHPRIV | LOG_WARNING,
+ "warning(pam_u2f): Permissions %04o for '%s' are too open. Please "
+ "change the file mode bits to 0644 or more restrictive. This may "
+ "become an error in the future!",
+ (unsigned int) st.st_mode & 0777, cfg->auth_file);
+#endif
}
opwfile_size = st.st_size;
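Review bot: With `goto err;` dropped from the `S_IWGRP | S_IWOTH` branch, a group- or world-writable auth file is still read and the credentials in it are trusted, so the check now fails open and the only consequence is a log line. If the relaxation is needed for existing installations, consider limiting it to the group-writable case and keeping the hard failure for world-writable files, e.g. `if ((st.st_mode & S_IWOTH) != 0) goto err;` right after the warning. The `XXX` comment should also say why the check was softened and under what condition it becomes an error again, for instance `/* Temporary downgrade for compatibility: file is still used although it is writable by group/others; restore "goto err" once deployments are fixed. */`. Until then, the `LOG_AUTHPRIV` warning is the only signal, so it is worth alerting on in log monitoring. The enclosing function begins and ends outside this hunk, so whether later code re-validates the file cannot be confirmed from here.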