[Christian Sievers] > There may be a prefered way to close pam's file descriptors that I > don't know. A simple fix is to just unconditionally close file > descriptor 0 again.
I believe a better way to fix this is to move the closing of the PAM session below the point where stdin is reopened. Here is a patch to implement that change: --- at-3.1.10.1/atd.c 2008-01-13 13:37:41.000000000 +0100 +++ at-3.1.10/atd.c 2005-08-31 01:42:56.000000000 +0200 @@ -454,6 +454,14 @@ */ waitpid(pid, (int *) NULL, 0); +#ifdef HAVE_PAM + PRIV_START + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); + retcode = pam_close_session(pamh, PAM_SILENT); + pam_end(pamh, retcode); + PRIV_END +#endif + /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ @@ -463,18 +471,6 @@ unlink(filename); -#ifdef HAVE_PAM - /* - * PAM can open file descriptors, so it have to be called after - * the open() call above to make sure it does not open STDIN_FILENO. - */ - PRIV_START - pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); - retcode = pam_close_session(pamh, PAM_SILENT); - pam_end(pamh, retcode); - PRIV_END -#endif - /* The job is now finished. We can delete its input file. */ chdir(ATJOB_DIR); -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]