diff -up Linux-PAM-1.0.4/modules/pam_unix/unix_update.c.root-update Linux-PAM-1.0.4/modules/pam_unix/unix_update.c
--- Linux-PAM-1.0.4/modules/pam_unix/unix_update.c.root-update 2008-02-21 22:12:30.000000000 +0100
+++ Linux-PAM-1.0.4/modules/pam_unix/unix_update.c 2009-03-17 11:20:22.000000000 +0100
@@ -71,11 +71,14 @@ set_password(const char *forwho, const c
goto done;
}
- /* does pass agree with the official one?
- we always allow change from null pass */
- retval = helper_verify_password(forwho, pass, 1);
- if (retval != PAM_SUCCESS) {
- goto done;
+ /* If real caller uid is not root we must verify that
+ received old pass agrees with the current one.
+ We always allow change from null pass. */
+ if (getuid()) {
+ retval = helper_verify_password(forwho, pass, 1);
+ if (retval != PAM_SUCCESS) {
+ goto done;
+ }
}
/* first, save old password */