[Pkg-shadow-devel] Bug#317433: marked as done (su when CLOSE_SESSIONS is enabled doesn't work correctly when root shell is suspended)

Debian Bug Tracking System owner@bugs.debian.org
Fri Jul 8 13:48:16 UTC 2005


Your message dated Fri, 8 Jul 2005 15:32:06 +0200
with message-id <20050708133206.GB18304@nekral.homelinux.net>
and subject line [Pkg-shadow-devel] Bug#317433: su when CLOSE_SESSIONS is enabled doesn't work correctly when root shell is suspended
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 8 Jul 2005 12:34:15 +0000
>From tytso@mit.edu Fri Jul 08 05:34:15 2005
Return-path: <tytso@mit.edu>
Received: from thunk.org (thunker.thunk.org) [69.25.196.29] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Dqs3a-00044b-00; Fri, 08 Jul 2005 05:34:14 -0700
Received: from root (helo=think.thunk.org)
	by thunker.thunk.org with local-esmtp   (Exim 3.35 #1 (Debian))
	id 1Dqs3a-0008AK-00; Fri, 08 Jul 2005 08:34:14 -0400
Received: from tytso by think.thunk.org with local (Exim 4.52)
	id 1Dqs3L-0000Dn-I0; Fri, 08 Jul 2005 08:33:59 -0400
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: su when CLOSE_SESSIONS is enabled doesn't work correctly when root shell is
 suspended
X-Mailer: reportbug 3.15
Date: Fri, 08 Jul 2005 08:33:59 -0400
Message-Id: <E1Dqs3L-0000Dn-I0@think.thunk.org>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,WIFE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: login
Version: 1:4.0.3-35
Severity: normal

When CLOSE_SESSIONS is enabled, /bin/su runs the shell in a forked
child process, thanks to the patch 008_su_PAM_session.  The problem
with this patch is that the parent process, which hangs around waiting
for the child to exit, doesn't notice if the child process stops
itself.  So when the root shell suspends itself (because the user has
issued the suspend command), the user sees a dead terminal, and no way
to regain control, because su doesn't relay the message up to its
original parent.  

To replicate this problem, enable CLOSE_SESSIONS and su to root using
bash as a shell.  For some reason, it doesn't show up if you are using
zsh, apparently because zsh is playing some funny process group games.
But it is definitely a problem with bash as a shell, which is
reasonably popular....

This portion of the patch 008_su_PAM_session

		default: /* parent */
			waitpid(pid, &status, 0);
			/* now we are done using PAM */
			pam_setcred(pamh, PAM_DELETE_CRED);
			ret = pam_close_session(pamh, 0);
			pam_end(pamh, ret);
			exit(WEXITSTATUS(status));
		}

Should be something like this:

		default: /* parent */
			while (1) {
				int r;
	
				r = waitpid(pid, &status, WUNTRACED);
				if (r < 0) {
					SYSLOG(LOG_ERR, "su: waitpid failure: %m");
					break;
				}
				if (WIFEXITED(status) || WIFSIGNALED(&status))
					break;
				if (WIFSTOPPED(&status)) {
					/* stop myself */
					kill(getpid(), SIGSTOP);
					/* running again, wake up the child */
					kill(pid, SIGCONT);
				}
			}
			/* now we are done using PAM */
			pam_setcred(pamh, PAM_DELETE_CRED);
			ret = pam_close_session(pamh, 0);
			pam_end(pamh, ret);
			exit(WEXITSTATUS(status));
		}
	

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages login depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-22      Runtime support for the PAM librar
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l

login recommends no packages.

-- no debconf information

---------------------------------------
Received: (at 317433-done) by bugs.debian.org; 8 Jul 2005 13:32:08 +0000
>From nicolas.francois@centraliens.net Fri Jul 08 06:32:08 2005
Return-path: <nicolas.francois@centraliens.net>
Received: from relay-2v.club-internet.fr [194.158.96.113] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Dqsxb-0005rp-00; Fri, 08 Jul 2005 06:32:07 -0700
Received: from nekral.homelinux.net (f09v-5-201.d1.club-internet.fr [212.194.184.201])
	by relay-2v.club-internet.fr (Postfix) with ESMTP id 555121697
	for <317433-done@bugs.debian.org>; Fri,  8 Jul 2005 15:32:06 +0200 (CEST)
Received: by nekral.homelinux.net (Postfix, from userid 1000)
	id 2066B66B84; Fri,  8 Jul 2005 15:32:06 +0200 (CEST)
Date: Fri, 8 Jul 2005 15:32:06 +0200
From: Nicolas =?iso-8859-1?Q?Fran=E7ois?= <nicolas.francois@centraliens.net>
To: 317433-done@bugs.debian.org
Subject: Re: [Pkg-shadow-devel] Bug#317433: su when CLOSE_SESSIONS is enabled doesn't work correctly when root shell is suspended
Message-ID: <20050708133206.GB18304@nekral.homelinux.net>
References: <E1Dqs3L-0000Dn-I0@think.thunk.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E1Dqs3L-0000Dn-I0@think.thunk.org>
User-Agent: Mutt/1.5.9i
Delivered-To: 317433-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_01,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Hi Theodore,

This issue was closed in the 4.0.3-36 release (in a very similar fashion),
hence I'm closing it.

Anyway, thanks for the bug report and for the patch.

Best Regards,
-- 
Nekral




More information about the Pkg-shadow-devel mailing list