(In reply to Colin Walters from comment #60)
> Can you send this patch to systemd-devel? Red Hat Bugzilla is a crappy
> patch system.
Can do, yes.
> On the actual content of your patch:
>
> * We could also check whether uid != getuid() - i mean we know the code
> above uses loginuid, so indirecting via lstat() is weird. But I'm OK with
> the code as is.
Does getuid() make any sense here? It's a PAM module, so do we ever expect this to be something else than root?
> * No need to log a message when this happens. We know it will happen, it's
> "normal", and there are already several log messages emitted for su.
Ack. That was primarily for debugging, so I guess I'll tone it down to LOG_DEBUG.
(In reply to Colin Walters from comment #60)
> Can you send this patch to systemd-devel? Red Hat Bugzilla is a crappy
> patch system.
Can do, yes.
> On the actual content of your patch:
>
> * We could also check whether uid != getuid() - i mean we know the code
> above uses loginuid, so indirecting via lstat() is weird. But I'm OK with
> the code as is.
Does getuid() make any sense here? It's a PAM module, so do we ever expect this to be something else than root?
> * No need to log a message when this happens. We know it will happen, it's
> "normal", and there are already several log messages emitted for su.
Ack. That was primarily for debugging, so I guess I'll tone it down to LOG_DEBUG.