pam_ecryptfs returns twice from fork in error conditions

Bug #1323421 reported by Anders Kaseorg on 2014-05-26
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)

Bug Description

While opening or closing a PAM session, if the setgroups() or setresuid() calls fail inside pam_ecryptfs’s forked child process, pam_ecryptfs returns to its caller in both the parent and child processes. This is similar to bug 938326, but the problem was reintroduced in the subsequent fix to bug 732614.

static int private_dir(pam_handle_t *pamh, int mount)
        if ((pid = fork()) < 0) {
                syslog(LOG_ERR, "pam_ecryptfs: Error setting up private mount");
                return 1;
        if (pid == 0) {
                        if (setgroups(1, &pwd->pw_gid) < 0 || setgid(pwd->pw_gid
                                return -1;
                        /* run mount.ecryptfs_private as the user */
                        if (setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid) < 0
                                return -1;
        } else {
                waitpid(pid, &rc, 0);
        return 0;

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: ecryptfs-utils 104-0ubuntu1
ProcVersionSignature: Ubuntu 3.15.0-2.6-generic 3.15.0-rc6
Uname: Linux 3.15.0-2-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.14.2-0ubuntu4
Architecture: amd64
CurrentDesktop: GNOME
Date: Mon May 26 17:06:09 2014
EcryptfsInUse: Yes
InstallationDate: Installed on 2010-12-05 (1268 days ago)
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha amd64 (20101202)
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to utopic on 2013-10-31 (207 days ago)

Related branches

Anders Kaseorg (andersk) wrote :
Anders Kaseorg (andersk) on 2014-05-27
Changed in ecryptfs:
status: New → Fix Committed
Changed in ecryptfs:
status: Fix Committed → Fix Released
Changed in ecryptfs-utils (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers