Run PAM code inside session process
Bug #881466 reported by
Robert Ancell
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Light Display Manager |
Fix Released
|
Medium
|
Unassigned | ||
lightdm (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Currently PAM code is run inside the main lightdm daemon process. This means that buggy PAM modules can crash lightdm (see bug 829221). We should change the architecture to run the PAM code inside the session processes before launching the user session.
Changed in lightdm (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in lightdm: | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in lightdm: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Related to this could also be the problem that capabilities gained via pam_cap.so are dropped when logging in via lightm.
I haven't yet filed a seperate bug for this, and I think it won't be necessary if this is going to fix it. I'll see when this is changed.