Package: login
Version: 1:4.0.3-35
Severity: normal

When CLOSE_SESSIONS is enabled, /bin/su runs the shell in a forked child process, thanks to the patch 008_su_PAM_session. The problem with this patch is that the parent process, which hangs around waiting for the child to exit, doesn't notice if the child process stops itself. So when the root shell suspends itself (because the user has issued the suspend command), the user sees a dead terminal, and no way to regain control, because su doesn't relay the message up to its original parent.

To replicate this problem, enable CLOSE_SESSIONS and su to root using bash as a shell. For some reason, it doesn't show up if you are using zsh, apparently because zsh is playing some funny process group games. But it is definitely a problem with bash as a shell, which is reasonably popular....

This portion of the patch 008_su_PAM_session

    default: /* parent */
        waitpid(pid, &status, 0);
        /* now we are done using PAM */
        pam_setcred(pamh, PAM_DELETE_CRED);
        ret = pam_close_session(pamh, 0);
        pam_end(pamh, ret);
        exit(WEXITSTATUS(status));
    }

Should be something like this:

    default: /* parent */
        while (1) {
            int r;

            /* WUNTRACED: also return when the child stops */
            r = waitpid(pid, &status, WUNTRACED);
            if (r < 0) {
                SYSLOG(LOG_ERR, "su: waitpid failure: %m");
                break;
            }
            if (WIFEXITED(status) || WIFSIGNALED(status))
                break;
            if (WIFSTOPPED(status)) {
                /* stop myself */
                kill(getpid(), SIGSTOP);
                /* running again, wake up the child */
                kill(pid, SIGCONT);
            }
        }
        /* now we are done using PAM */
        pam_setcred(pamh, PAM_DELETE_CRED);
        ret = pam_close_session(pamh, 0);
        pam_end(pamh, ret);
        exit(WEXITSTATUS(status));
    }

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages login depends on:
ii  libc6           2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libpam-modules  0.76-22       Pluggable Authentication Modules f
ii  libpam-runtime  0.76-22       Runtime support for the PAM librar
ii  libpam0g        0.76-22       Pluggable Authentication Modules l

login recommends no packages.

-- no debconf information
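
The wait loop proposed in the report, as a stand-alone added example (not code from the report or from the shadow package) that can be run without PAM. The names relay_wait, stop_self and spawn_suspending_child are hypothetical, the child is a constructed stand-in for the root shell, and the 128+signal return value is this example's choice rather than su's behaviour.

```c
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Wait for child `pid` the way su's parent must, relaying job-control stops.
 * stop_self != 0: stop ourselves too, as in the report, so the invoking
 * shell regains the terminal. *stops counts the stops seen. Returns the
 * exit status, 128+signal if the child was killed, or -1 on waitpid error. */
int relay_wait(pid_t pid, int stop_self, int *stops)
{
    int status;

    for (;;) {
        if (waitpid(pid, &status, WUNTRACED) < 0) {
            if (errno == EINTR)
                continue;                 /* interrupted: retry */
            return -1;
        }
        if (WIFEXITED(status))
            return WEXITSTATUS(status);
        if (WIFSIGNALED(status))
            return 128 + WTERMSIG(status);
        if (WIFSTOPPED(status)) {
            (*stops)++;
            if (stop_self)
                kill(getpid(), SIGSTOP);  /* sleeps here until SIGCONT */
            kill(pid, SIGCONT);           /* running again: wake the child */
        }
    }
}

/* Constructed stand-in for the root shell: stops itself once (like the
 * `suspend` builtin), then exits with `code` once it is continued. */
pid_t spawn_suspending_child(int code)
{
    pid_t pid = fork();
    if (pid == 0) {
        raise(SIGSTOP);
        _exit(code);
    }
    return pid;
}

int main(void)
{
    int stops = 0;
    return relay_wait(spawn_suspending_child(7), 0, &stops) == 7 && stops == 1 ? 0 : 1;
}
```

The demo passes stop_self = 0 because nothing would send SIGCONT to a process that stops itself outside an interactive job-control shell. Because the loop returns only once the child has really exited or been killed, cleanup such as pam_close_session still runs at the right time.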