Bug#287108: marked as done (different 'login'/'su -' behaviour regarding pam_env.so)

Debian Bug Tracking System Mon, 26 Sep 2005 11:48:22 -0700

Your message dated Mon, 26 Sep 2005 20:39:15 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Closing bugs formerly fixed in experimental and now fixed in 
unstable
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Dec 2004 14:42:03 +0000
>From [EMAIL PROTECTED] Fri Dec 24 06:42:03 2004
Return-path: <[EMAIL PROTECTED]>
Received: from cluster2.uol.ua (cluster1.uol.ua) [195.123.61.210] (root)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1Chqdm-0000SS-00; Fri, 24 Dec 2004 06:42:03 -0800
Received: from [194.242.119.105] (account [EMAIL PROTECTED] HELO localhost)
  by cluster1.uol.ua ( Ukraine Online SMTP 4.2.2)
  with ESMTP-TLS id 10974208; Fri, 24 Dec 2004 16:52:41 +0200
Date: Fri, 24 Dec 2004 16:41:37 +0200
From: Alexander Gatin <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: different 'login'/'su -' behaviour regarding pam_env.so
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="2oS5YaxWCcQjTEyO"
Content-Disposition: inline
X-Reportbug-Version: 3.2
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--2oS5YaxWCcQjTEyO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Package: login
Version: 1:4.0.3-30.4
Severity: important
Tags: patch


Hello!

I have noticed (a long time ago, BTW) that login and
"su -" exhibit diffrent behavior when using pam_env.so
("auth required pam_env.so" line in /etc/pam.d/login
and /etc/pam.d/su).

AFAIK, pam_env.so is used in Debian by default to set
LANG env for login sessions. Also pam_env.so is enabled
by default (?) in /etc/pam.d/login and there's no such
line in /etc/pam.d/su. Anyway, I enabled it in
/etc/pam.d/su to get similar behavior but without
success. I straced su, examined what env is passed to
shell and read su.c/login.c source code ('bout this
later).

First of all, why do I think it's better for 'su -' to
use pam_env? Because, from man su:
> OPTIONS
>        -      make this a login shell
and I think this means that su in "-" should mimic
'login' as close as possible.

Main problem that I had due to the inconsistent
behaviour, is loss of locale (LANG) after 'su -'
switch. I have "LANG=en_GB.UTF-8" in /etc/environment
(this is default Debian's way, isn't it?) and despite
using pam_env, this was lost after 'su -', contrary to
usual root login, when locale is correctly set. I was
forced to add
> [ "x$LANG" = "x" ] && export LANG="en_GB.UTF-8"
line in /etc/profile as workaround. I think it's a way
too ugly.

So, what have I found in login.c so different from
su.c?
It's a call to pam_getenvlist() and explicit addenv()
for all extracted from there variables.

Bear in mind, please, that I'm new to pam programming,
but I spent half a week studying source and tested su
with my patch applied.

I have one more question -- do you have smth. like
pam_xauth in RedHat, that deals with Xauthority accross
su, for example?


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (501, 'testing'), (500, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.4.27-debsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages login depends on:
ii  libc6                       2.3.2.ds1-18 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-22      Runtime support for the PAM librar
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l

-- no debconf information

--2oS5YaxWCcQjTEyO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="su-login-pam_env.patch"

--- shadow-4.0.3/src/su.c.rjf   2004-12-21 01:55:24.000000000 +0200
+++ shadow-4.0.3/src/su.c       2004-12-24 15:32:09.000000000 +0200
@@ -729,6 +729,19 @@
                pam_end(pamh, ret);
                exit(1);
        }
+       /* We should pass environment from pam_env.so to shell when mimicing
+        * login (su -) and not preserving original environment. */
+       if (fakelogin && (change_environment ||
+                       restricted_shell(pwent.pw_shell))) {
+               const char *const *env;
+
+               env = (const char *const *) pam_getenvlist (pamh);
+               while (env && *env) {
+                       addenv (*env, NULL);
+                       env++;
+               }
+       }
+
        /* We must fork before setuid() because we need to call
         * pam_close_session() as root.
         */

--2oS5YaxWCcQjTEyO--

---------------------------------------
Received: (at 202840-done) by bugs.debian.org; 26 Sep 2005 18:39:49 +0000
>From [EMAIL PROTECTED] Mon Sep 26 11:39:49 2005
Return-path: <[EMAIL PROTECTED]>
Received: from perrier.eu.org (kheops.perrier.eu.org) [81.56.227.253] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EJxtF-0005Ko-00; Mon, 26 Sep 2005 11:39:49 -0700
Received: from localhost (localhost [127.0.0.1])
        by kheops.perrier.eu.org (Postfix) with ESMTP id 008CC4FA08;
        Mon, 26 Sep 2005 20:39:16 +0200 (CEST)
Received: from kheops.perrier.eu.org ([127.0.0.1])
        by localhost (kheops [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 17928-04; Mon, 26 Sep 2005 20:39:16 +0200 (CEST)
Received: from mykerinos.kheops.frmug.org (mykerinos.kheops.frmug.org 
[192.168.1.3])
        by kheops.perrier.eu.org (Postfix) with ESMTP id 0F0CE4FA06;
        Mon, 26 Sep 2005 20:39:16 +0200 (CEST)
Received: by mykerinos.kheops.frmug.org (Postfix, from userid 1000)
        id D92F940A90B; Mon, 26 Sep 2005 20:39:15 +0200 (CEST)
Date: Mon, 26 Sep 2005 20:39:15 +0200
From: Christian Perrier <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Closing bugs formerly fixed in experimental and now fixed in unstable
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.10i
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at kheops.frmug.org
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
        version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

Version: 4.0.12-2

All these bugs were already fixed in experimental and should now be
closed with the last upload of 4.0.12-2 in unstable.

-- 




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#287108: marked as done (different 'login'/'su -' behaviour regarding pam_env.so)

Reply via email to