[Bug 1067779] Re: missing pam_loginuid.so breaks getlogin()

Laurent Bigonville bigon at ubuntu.com
Wed May 22 11:25:41 UTC 2013 

** Bug watch added: Debian Bug tracker #677440
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677440

** Also affects: openssh (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677440
   Importance: Unknown
       Status: Unknown

** Bug watch added: Debian Bug tracker #677443
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677443

** Also affects: cron (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677443
   Importance: Unknown
       Status: Unknown

** Bug watch added: Debian Bug tracker #677441
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677441

** Also affects: shadow (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677441
   Importance: Unknown
       Status: Unknown

** Also affects: at (Ubuntu)
   Importance: Undecided
       Status: New

** Bug watch added: Debian Bug tracker #677442
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677442

** Also affects: at (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677442
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1067779

Title:
  missing pam_loginuid.so breaks getlogin()

Status in “at” package in Ubuntu:
  New
Status in “cron” package in Ubuntu:
  Confirmed
Status in “openssh” package in Ubuntu:
  Confirmed
Status in “shadow” package in Ubuntu:
  Confirmed
Status in “at” package in Debian:
  Unknown
Status in “cron” package in Debian:
  Unknown
Status in “openssh” package in Debian:
  Unknown
Status in “shadow” package in Debian:
  Unknown

Bug description:
  getlogin() call in new glibc checks /proc/self/loginuid presence and
  trust its value as most safe source (due it's audit-related nature).
  But default /etc/pam.d/common-account doesn't contains entry to
  pam_loginuid.so which modify /proc/self/loginuid properly. This breaks
  getlogin() at many scenarios like this:

  (pam session without pam_loginuid)$  perl -e '$t=getlogin; print "$t\n";'
  root
  (pam session without pam_loginuid)$  id
  uid=1000(...

  just because /proc/self/loginuid contains '0' value

  If I add pam_loginuid.so to /etc/pam.d/common-account like
  http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html
  recommend, everything worked as expected:

  (pam session with pam_loginuid)$  perl -e '$t=getlogin; print "$t\n";'
  user
  (pam session with pam_loginuid)$  id
  uid=1000(...

  # cat /etc/lsb-release 
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=12.04
  DISTRIB_CODENAME=precise
  DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"

  # dpkg -l|fgrep libpam
  ii  libpam-ck-connector                  0.4.5-2                          ConsoleKit PAM module
  ii  libpam-modules                       1.1.3-7ubuntu2                   Pluggable Authentication Modules for PAM
  ii  libpam-modules-bin                   1.1.3-7ubuntu2                   Pluggable Authentication Modules for PAM - helper binaries
  ii  libpam-runtime                       1.1.3-7ubuntu2                   Runtime support for the PAM library
  ii  libpam0g                             1.1.3-7ubuntu2                   Pluggable Authentication Modules library

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/at/+bug/1067779/+subscriptions

More information about the foundations-bugs mailing list