[pam] Module pam_env does not unset environment variables

Bug #1599069 reported by Cade Forester
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pam (Ubuntu)
New
Undecided
Unassigned

Bug Description

Architecture: amd64
Date: 2016-07-05T07:10:34,326215642+0000 (printed by command "date --utc --iso-8601=ns")
DistroRelease: Ubuntu 14.04
Package: libpam-modules 1.1.8-1ubuntu2.2
PackageArchitecture: amd64
SourcePackage: pam
Uname: Linux 3.16.0-53-generic x86_64

Steps to reproduce.

1. Edit some files.

   Shell command:
      cat /etc/security/pam_env.conf

   Output of last shell command:
      TEST__SET_ME DEFAULT="value set successfully"
      TEST__CLEAR_ME DEFAULT="" OVERRIDE=""
      TEST__UNSET_ME DEFAULT= OVERRIDE=

   Shell command:
      cat /etc/pam.d/su

   Output of last shell command:
      auth sufficient pam_rootok.so
      session required pam_env.so readenv=1 debug
      # /etc/pam.d/common-auth
      auth [success=1 default=ignore] pam_unix.so nullok_secure
      auth requisite pam_deny.so
      auth required pam_permit.so
      auth optional pam_ecryptfs.so unwrap
      auth optional pam_cap.so
      # /etc/pam.d/common-account
      account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
      account requisite pam_deny.so
      account required pam_permit.so
      # /etc/pam.d/common-session
      session [default=1] pam_permit.so
      session requisite pam_deny.so
      session required pam_permit.so
      session optional pam_umask.so
      session required pam_unix.so
      session optional pam_ecryptfs.so unwrap
      session optional pam_ck_connector.so nox11

2. Run shell commands:
      env --ignore-environment sh
      export TEST__CLEAR_ME="variable not cleared"
      export TEST__UNSET_ME="variable still set"
      su --command env | grep TEST__

   Type root password.

   Output of last shell command:
      TEST__UNSET_ME=variable still set
      TEST__SET_ME=value set successfully
      TEST__CLEAR_ME=

   Related syslog output:
      su[11338] Successful su for root by local_user
      su[11338] + /dev/pts/0 local_user:root
      su[11338] pam_env(su:session): pam_putenv("TEST__ SET_ME=value set successfully")
      su[11338] pam_env(su:session): pam_putenv("TEST__ CLEAR_ME=")
      su[11338] pam_env(su:session): remove variable "TEST__UNSET_ME"
      su[11338] pam_env(su:session): pam_putenv: delete non-existent entry; TEST__UNSET_ME
      su[11338] pam_env(su:session): pam_putenv("PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
      su[11338] pam_unix(su:session): session opened for user root by local_user(uid=1000)
      su[11338] pam_unix(su:session): session closed for user root

Actual result:
environment variable
TEST__UNSET_ME
not unset.

Expected result:
unset environment variable
TEST__UNSET_ME.

Bugs:
- pam module "pam_env.so"
  does not unset environment variables;
- man page pam_env(8) describe,
  what module can
  unset environment variables,
  but does not describe,
  how to do that
  (answer found in
  "pam-1.1.8/modules/pam_env/pam_env.c",
  line 472).

Cade Forester (ahx2323)
affects: ubuntu → pam (Ubuntu)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.