[Bug 1067779] Re: missing pam_loginuid.so breaks getlogin()

Steve Langasek steve.langasek at canonical.com
Thu Oct 18 13:46:37 UTC 2012 

> So my proposal incorrect - better add pam_loginuid to ordinary
> sessions and leave special sessions untouched.

Yep.  This makes it non-trivial to do centrally; needs to be addressed
in the individual services unfortunately.

** Package changed: pam (Ubuntu) => openssh (Ubuntu)

** Also affects: shadow (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: cron (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1067779

Title:
  missing pam_loginuid.so breaks getlogin()

Status in “cron” package in Ubuntu:
  New
Status in “openssh” package in Ubuntu:
  New
Status in “shadow” package in Ubuntu:
  New

Bug description:
  getlogin() call in new glibc checks /proc/self/loginuid presence and
  trust its value as most safe source (due it's audit-related nature).
  But default /etc/pam.d/common-account doesn't contains entry to
  pam_loginuid.so which modify /proc/self/loginuid properly. This breaks
  getlogin() at many scenarios like this:

  (pam session without pam_loginuid)$  perl -e '$t=getlogin; print "$t\n";'
  root
  (pam session without pam_loginuid)$  id
  uid=1000(...

  just because /proc/self/loginuid contains '0' value

  If I add pam_loginuid.so to /etc/pam.d/common-account like
  http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html
  recommend, everything worked as expected:

  (pam session with pam_loginuid)$  perl -e '$t=getlogin; print "$t\n";'
  user
  (pam session with pam_loginuid)$  id
  uid=1000(...

  # cat /etc/lsb-release 
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=12.04
  DISTRIB_CODENAME=precise
  DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"

  # dpkg -l|fgrep libpam
  ii  libpam-ck-connector                  0.4.5-2                          ConsoleKit PAM module
  ii  libpam-modules                       1.1.3-7ubuntu2                   Pluggable Authentication Modules for PAM
  ii  libpam-modules-bin                   1.1.3-7ubuntu2                   Pluggable Authentication Modules for PAM - helper binaries
  ii  libpam-runtime                       1.1.3-7ubuntu2                   Runtime support for the PAM library
  ii  libpam0g                             1.1.3-7ubuntu2                   Pluggable Authentication Modules library

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1067779/+subscriptions

More information about the foundations-bugs mailing list