Bug#1011632: marked as done (systemd: journalctl(1) man page: incorrect SYSTEMD_PAGERSECURE documentation)

Debian Bug Tracking System Wed, 25 May 2022 13:24:22 -0700

Your message dated Wed, 25 May 2022 22:21:39 +0200
with message-id <[email protected]>
and subject line Re: Bug#1011632: systemd: journalctl(1) man page: incorrect 
SYSTEMD_PAGERSECURE documentation
has caused the Debian Bug report #1011632,
regarding systemd: journalctl(1) man page: incorrect SYSTEMD_PAGERSECURE 
documentation
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1011632: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011632
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: systemd
Version: 251-2
Severity: normal

The journalctl(1) man page says about $SYSTEMD_PAGERSECURE:

  When $SYSTEMD_PAGERSECURE is not set at all, pagers which are not
  known to implement secure mode will not be used.

This is not true. As this is shown below, $SYSTEMD_PAGERSECURE is
not set, and any random pager can be used.

$ echo 'echo "This pager does not implement secure mode."' > $HOME/bin/pager
$ chmod 755 $HOME/bin/pager
$ env | grep SYSTEMD
SYSTEMD_LESS=-ciMR -j3
$ journalctl -b
This pager does not implement secure mode.

The "echo ..." is just for the test. The user can use a real pager
that does not implement secure mode, such as "more", e.g. with
"ln -s /bin/more $HOME/bin/pager".

-- Package-specific info:

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.0-2-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  adduser          3.121
ii  libacl1          2.3.1-1
ii  libapparmor1     3.0.4-2
ii  libaudit1        1:3.0.7-1+b1
ii  libblkid1        2.38-4
ii  libc6            2.33-7
ii  libcap2          1:2.44-1
ii  libcrypt1        1:4.4.27-1.1
ii  libcryptsetup12  2:2.4.3-1
ii  libfdisk1        2.38-4
ii  libgcrypt20      1.10.1-2
ii  libgnutls30      3.7.4-2
ii  libgpg-error0    1.45-2
ii  libip4tc2        1.8.8-1
ii  libkmod2         29-1
ii  liblz4-1         1.9.3-2
ii  liblzma5         5.2.5-2.1
ii  libmount1        2.38-4
ii  libpam0g         1.4.0-13
ii  libseccomp2      2.5.4-1
ii  libselinux1      3.3-1+b2
ii  libsystemd0      251-2
ii  libzstd1         1.5.2+dfsg-1
ii  mount            2.38-4
ii  util-linux       2.38-4

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]   1.14.0-1
ii  systemd-timesyncd [time-daemon]  251-2

Versions of packages systemd suggests:
ii  libfido2-1            1.11.0-1
pn  libtss2-esys-3.0.2-0  <none>
pn  libtss2-mu0           <none>
pn  libtss2-rc0           <none>
ii  policykit-1           0.105-33
pn  systemd-container     <none>

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.0-1
pn  dracut             <none>
ii  initramfs-tools    0.141
ii  libnss-systemd     251-2
ii  libpam-systemd     251-2
ii  udev               251-2

-- Configuration Files:
/etc/systemd/journald.conf changed [not included]
/etc/systemd/system.conf changed [not included]

-- no debconf information

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

--- End Message ---

--- Begin Message ---

Am 25.05.22 um 16:49 schrieb Vincent Lefevre:

Package: systemd
Version: 251-2
Severity: normal

The journalctl(1) man page says about $SYSTEMD_PAGERSECURE:

   When $SYSTEMD_PAGERSECURE is not set at all, pagers which are not
   known to implement secure mode will not be used.

This is not true. As this is shown below, $SYSTEMD_PAGERSECURE is
not set, and any random pager can be used.

$ echo 'echo "This pager does not implement secure mode."' > $HOME/bin/pager
$ chmod 755 $HOME/bin/pager
$ env | grep SYSTEMD
SYSTEMD_LESS=-ciMR -j3
$ journalctl -b
This pager does not implement secure mode.

The "echo ..." is just for the test. The user can use a real pager
that does not implement secure mode, such as "more", e.g. with
"ln -s /bin/more $HOME/bin/pager".


Please read the complete paragraph which starts with

Takes a boolean argument. When true, the "secure" mode of the pager is enabled; 
if false, disabled. If $SYSTEMD_PAGERSECURE is not set at all,
secure mode is enabled if the effective UID is not the same as the owner of the 
login session, see geteuid(2) and sd_pid_get_owner_uid(3).

Since you are not setting SYSTEMD_PAGERSECURE and you are not running journalctl e.g. via sudo/pkexec/su in your example above, secure mode is not used.


Michael

OpenPGP_signature
Description: OpenPGP digital signature

--- End Message ---

Bug#1011632: marked as done (systemd: journalctl(1) man page: incorrect SYSTEMD_PAGERSECURE documentation)

Reply via email to