[Bug 1067779] Re: missing pam_loginuid.so breaks getlogin()

Thu Oct 18 13:18:00 UTC 2012

More to go:

Currently, /etc/pam.d/common-account (to be more correct, /etc/pam.d
/common-session) doesn't differ sessions like ordinary (login,sshd,crond
etc) and special (su and sudo). So my proposal incorrect - better add
pam_loginuid to ordinary sessions and leave special sessions untouched.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1067779

Title:
  missing pam_loginuid.so breaks getlogin()

Status in “pam” package in Ubuntu:
  New

Bug description:
  getlogin() call in new glibc checks /proc/self/loginuid presence and
  trust its value as most safe source (due it's audit-related nature).
  But default /etc/pam.d/common-account doesn't contains entry to
  pam_loginuid.so which modify /proc/self/loginuid properly. This breaks
  getlogin() at many scenarios like this:

  (pam session without pam_loginuid)$  perl -e '$t=getlogin; print "$t\n";'
  root
  (pam session without pam_loginuid)$  id
  uid=1000(...

  just because /proc/self/loginuid contains '0' value

  If I add pam_loginuid.so to /etc/pam.d/common-account like
  http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html
  recommend, everything worked as expected:

  (pam session with pam_loginuid)$  perl -e '$t=getlogin; print "$t\n";'
  user
  (pam session with pam_loginuid)$  id
  uid=1000(...

  # cat /etc/lsb-release 
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=12.04
  DISTRIB_CODENAME=precise
  DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"

  # dpkg -l|fgrep libpam
  ii  libpam-ck-connector                  0.4.5-2                          ConsoleKit PAM module
  ii  libpam-modules                       1.1.3-7ubuntu2                   Pluggable Authentication Modules for PAM
  ii  libpam-modules-bin                   1.1.3-7ubuntu2                   Pluggable Authentication Modules for PAM - helper binaries
  ii  libpam-runtime                       1.1.3-7ubuntu2                   Runtime support for the PAM library
  ii  libpam0g                             1.1.3-7ubuntu2                   Pluggable Authentication Modules library

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1067779/+subscriptions