[Bug 1067779] [NEW] missing pam_loginuid.so breaks getlogin()
lakostis
1067779 at bugs.launchpad.net
Wed Oct 17 15:38:09 UTC 2012
Public bug reported:
getlogin() call in new glibc checks /proc/self/loginuid presence and
trust its value as most safe source (due it's audit-related nature). But
default /etc/pam.d/common-account doesn't contains entry to
pam_loginuid.so which modify /proc/self/loginuid properly. This breaks
getlogin() at many scenarios like this:
(pam session without pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
root
(pam session without pam_loginuid)$ id
uid=1000(...
lust because /proc/self/loginuid contains '0' value
If I add pam_loginuid.so to /etc/pam.d/common-account like
http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html
recommend, everything worked as expected:
(pam session with pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
user
(pam session with pam_loginuid)$ id
uid=1000(...
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"
# dpkg -l|fgrep libpam
ii libpam-ck-connector 0.4.5-2 ConsoleKit PAM module
ii libpam-modules 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-runtime 1.1.3-7ubuntu2 Runtime support for the PAM library
ii libpam0g 1.1.3-7ubuntu2 Pluggable Authentication Modules library
** Affects: pam (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1067779
Title:
missing pam_loginuid.so breaks getlogin()
Status in “pam” package in Ubuntu:
New
Bug description:
getlogin() call in new glibc checks /proc/self/loginuid presence and
trust its value as most safe source (due it's audit-related nature).
But default /etc/pam.d/common-account doesn't contains entry to
pam_loginuid.so which modify /proc/self/loginuid properly. This breaks
getlogin() at many scenarios like this:
(pam session without pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
root
(pam session without pam_loginuid)$ id
uid=1000(...
lust because /proc/self/loginuid contains '0' value
If I add pam_loginuid.so to /etc/pam.d/common-account like
http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html
recommend, everything worked as expected:
(pam session with pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
user
(pam session with pam_loginuid)$ id
uid=1000(...
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"
# dpkg -l|fgrep libpam
ii libpam-ck-connector 0.4.5-2 ConsoleKit PAM module
ii libpam-modules 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-runtime 1.1.3-7ubuntu2 Runtime support for the PAM library
ii libpam0g 1.1.3-7ubuntu2 Pluggable Authentication Modules library
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1067779/+subscriptions
More information about the foundations-bugs
mailing list